diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-14 20:03:01 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-14 20:03:01 +0000 |
| commit | a453ac31f3428614cceb99027f8efbdb9258a40b (patch) | |
| tree | f61f87408f32a8511cbd91799f9cececb53e0374 /collections-debian-merged/ansible_collections/check_point | |
| parent | Initial commit. (diff) | |
| download | ansible-a453ac31f3428614cceb99027f8efbdb9258a40b.tar.xz ansible-a453ac31f3428614cceb99027f8efbdb9258a40b.zip | |
Adding upstream version 2.10.7+merged+base+2.10.8+dfsg.upstream/2.10.7+merged+base+2.10.8+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'collections-debian-merged/ansible_collections/check_point')
240 files changed, 31718 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/FILES.json b/collections-debian-merged/ansible_collections/check_point/mgmt/FILES.json new file mode 100644 index 00000000..fae8b14a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/FILES.json @@ -0,0 +1,1769 @@ +{ + "files": [ + { + "format": 1, + "ftype": "dir", + "chksum_sha256": null, + "name": ".", + "chksum_type": null + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "tests", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "tests/units", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "tests/units/modules", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "3780c2ea79f38c29e9c35072fb7d44751f0adf208d7bfe1a6d4b2cb7ae34614b", + "name": "tests/units/modules/test_cp_mgmt_administrator.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "a9231807f991a461cbd31f65a46460230bb2201b1a47c4cfbb94427d91af32be", + "name": "tests/units/modules/test_cp_mgmt_administrator_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "db9e5d214da32046310500e2e5c53fa9f22961403a24bff1775b3c5989be0df5", + "name": "tests/units/modules/test_cp_mgmt_application_site.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "83c76df7dd974023b094ed7db58f502f2fa2217fda3f6f870d679f4c67764e67", + "name": "tests/units/modules/test_cp_mgmt_application_site_category.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8de549b08b9e33864235fb28b3d77fd0389ceb61483c77899fd13a83bb77ea62", + "name": "tests/units/modules/test_cp_mgmt_application_site_category_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f1158d9aeed4aa7070106dcdcbb4f3e10a3380a75b814dc7fb7918f88fd12915", + "name": "tests/units/modules/test_cp_mgmt_application_site_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "64c40213f8e9b3f11ee3d796cebf174c88917dcbe6485da368a1ff2a246bd814", + "name": "tests/units/modules/test_cp_mgmt_application_site_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2a0cabcec0ba0636cee32bfb9ab6998592229c341a33a691ecedef4edefa7f96", + "name": "tests/units/modules/test_cp_mgmt_application_site_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "4430102bfa5445973e58af32efc0cffc60ab601d39525fa61b11808e78492462", + "name": "tests/units/modules/test_cp_mgmt_assign_global_assignment.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "0f9ccfc11b4e4b0915748c9ac22bdef9d81a34d45bb595f18b344f5f2810a96e", + "name": "tests/units/modules/test_cp_mgmt_discard.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e34d6da7d0cdc35a52a7b4f8319d2f03eefc43864290b2c0817fcac0b23704b9", + "name": "tests/units/modules/test_cp_mgmt_dns_domain.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8db6362f60b09d870e5284fc55be4c60862a6686b0d12d9bf442cd6537e6d6b5", + "name": "tests/units/modules/test_cp_mgmt_dns_domain_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9b4cb8301ccf0b9026a40df58f12629662ed589a80e57a4c354b22e985189c99", + "name": "tests/units/modules/test_cp_mgmt_dynamic_object.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ed7c096c6950ce9ce2427bbe87fe814bc3249571c57b6b7e3c14cc6cad374a9b", + "name": "tests/units/modules/test_cp_mgmt_dynamic_object_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "18a7350ad42e193fab24fdf4501fefae04a87dc702ef9c2ba5a96be0c9b45cd5", + "name": "tests/units/modules/test_cp_mgmt_exception_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "02500aba47b7bdbb230bfe763edfa96cab3d0e074162d5a0f28e3f69060751ab", + "name": "tests/units/modules/test_cp_mgmt_exception_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9f7d954edf7974880e1e804169a4b72737f7e9beeff4907eb891ea5b9b1870cf", + "name": "tests/units/modules/test_cp_mgmt_global_assignment.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ef4fadacc4a896dfc81bc870fd7298fba3d4f6007a93e2d0a129d9c13b2651ef", + "name": "tests/units/modules/test_cp_mgmt_global_assignment_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "fb7bd5f23e514014f41130ef9355a23373afa54c856d79c3b3bde559ee6fd6d9", + "name": "tests/units/modules/test_cp_mgmt_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e5cb39a06e81e52d98b509a463e352fd9215f94ad26f84d568a0aec4debc2ef2", + "name": "tests/units/modules/test_cp_mgmt_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "3adb58c7044e4981326f4e71de40712966b66e92959439910299ecc25f21aaf8", + "name": "tests/units/modules/test_cp_mgmt_group_with_exclusion.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "bfe829ebc865e32628a6c0e3ef9789bc662e3d416acd989c51d2e5a71739ad63", + "name": "tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "75ed1b841d3b6220170715e2a584e03f935a3715eb13d435086cfeb58370065b", + "name": "tests/units/modules/test_cp_mgmt_host.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e01ce4559932f611cb5f549e1ccd3c308aa3405705f46435ef432202109895ea", + "name": "tests/units/modules/test_cp_mgmt_host_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "eee9b103c215050cef25eddd0fea8de54abe40be02a06ee28c80888b4a26b0ea", + "name": "tests/units/modules/test_cp_mgmt_install_policy.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ef54911d3cf6acce025de758e403a0ce8ad527d906128f6fa542b9f7caaff14d", + "name": "tests/units/modules/test_cp_mgmt_mds_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "3181a16700f16f0ba80f5e53a6a8be4c8a4c871531a0dfeef3fdead2b87c942c", + "name": "tests/units/modules/test_cp_mgmt_multicast_address_range.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "b124c26770a7c980d937afc7c5bd660c4795c6ddbdf5f547b0522dbbbc6a3aae", + "name": "tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "3adf34f93d4caaa9fe51a8430a4933b4a198a982f3eb0c2c993d02ed324044c7", + "name": "tests/units/modules/test_cp_mgmt_network.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5a488220df3d23305ff88f3793eb5962d655d8e4e65d1ca0e55047541c0e398c", + "name": "tests/units/modules/test_cp_mgmt_network_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1ccf35ad77b6a2e696bbdbb0179dfc0126e4dd81c22ee504e9e3ba8b12c1c382", + "name": "tests/units/modules/test_cp_mgmt_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c7be2f9616779d41b1220331ff5c2ac9bfc7e1c9f45a95d19db2b02417b7de3e", + "name": "tests/units/modules/test_cp_mgmt_package_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e0fa6b28dd8308afeb9e5bc0d518597720ab5c7076ef34ec0c7fedc86abe555b", + "name": "tests/units/modules/test_cp_mgmt_publish.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8bb70eefe9a9f68959ba3d19b450da60612cd8b43c382d05d78b7d5a9c678a49", + "name": "tests/units/modules/test_cp_mgmt_put_file.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e63d017c4e434e00ad5a2aec67d79e62f25850f231a33632929c7dd0e4264eb4", + "name": "tests/units/modules/test_cp_mgmt_run_ips_update.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "162ddb7ed025aadededafba936658bf3d63ec15c1dc69109320dbb1c7ad06961", + "name": "tests/units/modules/test_cp_mgmt_run_script.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "be9529986d7679ad4d6ff9f08d0c30fb09258ebf155e5a09fff2a4e9f78303ae", + "name": "tests/units/modules/test_cp_mgmt_security_zone.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "520795aa3ad4a70e589f04c19d14851b872899888d4b5d37fc10502ad52d346f", + "name": "tests/units/modules/test_cp_mgmt_security_zone_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9afdffbdc1371928f649857f8adc30c129e65304154e4e40b75d1f1472e15522", + "name": "tests/units/modules/test_cp_mgmt_service_dce_rpc.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c77d4695f5a9381ce03c2e22b14cd7b45fd8ce69a67657fd48a24758ea1b068b", + "name": "tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c75216ed17dec454be7b1eb16f79faef177140c8a14406ccafee80351d6496ed", + "name": "tests/units/modules/test_cp_mgmt_service_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c4c4a695d3872a75ffed983de9121405bc3544da6c35f6e5b0644de291aa1251", + "name": "tests/units/modules/test_cp_mgmt_service_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "92759d20c19223d9f496ca0ef2823b27f7bede8f46bf6a77128efba4368bdcd2", + "name": "tests/units/modules/test_cp_mgmt_service_icmp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2e99a97ca39c3d496bb07130583e4ce851f89a374614c1e4a60cbbebfa96520d", + "name": "tests/units/modules/test_cp_mgmt_service_icmp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "48caf7f6e4332dd89b6e5b975591b2abdd7741bf15e852aea9f2d0a07102662a", + "name": "tests/units/modules/test_cp_mgmt_service_icmp6.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "83ac6d89a1b004dd527020e8ddcd295a1411818ab47c465407d17d88d98aefe1", + "name": "tests/units/modules/test_cp_mgmt_service_icmp6_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f09a4a88b7b4b6d3ef334cbd44cd2f33279670cb2579c28e3546cef95f111edd", + "name": "tests/units/modules/test_cp_mgmt_service_other.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "069588c702d7bea017fd511f42495dad9dfca24da44e78d654baaf4c49c2fb90", + "name": "tests/units/modules/test_cp_mgmt_service_other_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ed91f508b2ccfd02d1e32eb610fa3f8363ebe131f2c14f7859a301415e363b59", + "name": "tests/units/modules/test_cp_mgmt_service_rpc.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7c0a17572b2fdd30c9affe4c5ba35825bb6050a9b5dbfea5ccc9327234c3f82b", + "name": "tests/units/modules/test_cp_mgmt_service_rpc_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5e7ce1866a5b956d4b0ec0cce00c059a1992c4dfa46f3266e1d624fb3d7d0c69", + "name": "tests/units/modules/test_cp_mgmt_service_sctp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1a1e89bf0059dc5895e8cb129ba49e4b2a30d643d861937a0ae470256c773825", + "name": "tests/units/modules/test_cp_mgmt_service_sctp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ee294d8627c0a636fa15e90f08616582e81cb2e30d98e72b4602086f267110a3", + "name": "tests/units/modules/test_cp_mgmt_service_tcp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "76f8d81afb8d231b68ce75b6d0bedf8e4ebc24c972d78cd209ac7124823e180c", + "name": "tests/units/modules/test_cp_mgmt_service_tcp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "40c0ae507ced4abe95526b3bc579106563dabf6a4780456e2d4a8063e6248f05", + "name": "tests/units/modules/test_cp_mgmt_service_udp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8eb00e3b48b5f559ce223c7fffb332164621ebb76e5281255cb23c2dd247733f", + "name": "tests/units/modules/test_cp_mgmt_service_udp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "4843417f873b63efd2748eec3287e6300d56aa824869d46c027d877cfb304057", + "name": "tests/units/modules/test_cp_mgmt_session_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "6b1a432e9367ced489918799411d243906f72214ee843c6a97ca168d674444ab", + "name": "tests/units/modules/test_cp_mgmt_simple_gateway.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8c8e5758620daef40a5d496cd7590fc4d5ae4bf6ab543037f867b9b2d532de34", + "name": "tests/units/modules/test_cp_mgmt_simple_gateway_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c106c27905c62edf3daf4c5f0484db755314b8f7ef98873eb32ca838b95d08d4", + "name": "tests/units/modules/test_cp_mgmt_tag.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "83c42a3f0768045c007eb0a105465d70a8e5948b3b11b75a02d8ca62b0888d53", + "name": "tests/units/modules/test_cp_mgmt_tag_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "245c066ec06f608db240bc0036e7699147cef10d0ceb8374836c906827dcc889", + "name": "tests/units/modules/test_cp_mgmt_threat_exception.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "646d9e49be52cb3bf4697839b10e553a915971754dd32e7db19051428e99d6a2", + "name": "tests/units/modules/test_cp_mgmt_threat_exception_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d6f6891ec4c80bf907ca777525bf2eedfc0ebade770d40f634213bbcd91adb1e", + "name": "tests/units/modules/test_cp_mgmt_threat_indicator.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f432265160fb643bbac5f4710deb80c99fa9f2438e080286dc9ffcbf03379531", + "name": "tests/units/modules/test_cp_mgmt_threat_indicator_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "37d60a438848cb3410bcf3d9cd11b1723516ae2c622af2752d919ecab8089b3b", + "name": "tests/units/modules/test_cp_mgmt_threat_layer.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7153d9ab9fa164d9977768888e50b8557cd78a82ef89e4c744a2c246f6a10ad8", + "name": "tests/units/modules/test_cp_mgmt_threat_layer_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8dffb75f6f197924a8e8ad9bbc1772ff502397a52d4f79523c86c07fb2a62804", + "name": "tests/units/modules/test_cp_mgmt_threat_profile.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "cd487926b42abc6f78ced447846e49e18f9c12a58c61504fd9c34e148cd9f523", + "name": "tests/units/modules/test_cp_mgmt_threat_profile_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "020825ee4b7fb37c4f421391eaccffb8f3a8f53fb0eb5a2f4d1ae2849f57498f", + "name": "tests/units/modules/test_cp_mgmt_threat_protection_override.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "a3a2e8d3a00d1b1c6e3f35de7fa4429c564507c0579460270ccaf52bb40e498d", + "name": "tests/units/modules/test_cp_mgmt_threat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "65c6f41255267a579f38318110536a5bf1e681081ce8d884349b54741eb71411", + "name": "tests/units/modules/test_cp_mgmt_threat_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "80dd3a4635ee333c2ad50c1382a884a90d0dea6d1c8ddeaf3598eea4305a1df6", + "name": "tests/units/modules/test_cp_mgmt_time.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "a67fd09f696dd5b6970e6d450bcda75410d8d4f55b73b1a4c3dd27c63961d09d", + "name": "tests/units/modules/test_cp_mgmt_time_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "24e9eb33ee2dc0c431d97186931ff98e51b4262b3952eb86e7205f638caf6378", + "name": "tests/units/modules/test_cp_mgmt_verify_policy.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "405a29342f78872d022b355e6f05db43861dd77e26cf8da288ed01ac43994ca2", + "name": "tests/units/modules/test_cp_mgmt_vpn_community_meshed.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ac1bb8819f21fc45c6549ce81db5b7c4cd52d5f6bcd2697516a287f672fc6a94", + "name": "tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "a5c934382e013b02d862e6ca41b40520a860bdb3435ac4225b349e84f0cd5502", + "name": "tests/units/modules/test_cp_mgmt_vpn_community_star.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d69f484bff5c827d08d044dfecbe739dc083a3168b76ca0c09d985804bff7fda", + "name": "tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "96eb81fd4a4e7bd94c6b570ef68c9313912aac8f82cb67cdaa19cf8a1491012c", + "name": "tests/units/modules/test_cp_mgmt_wildcard.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "a3c769bd27f15eb7bfb88c2dbcf6f97c85fcc4656252404640d5cee8ae54f300", + "name": "tests/units/modules/test_cp_mgmt_wildcard_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "068c1590cd6ca7721c889cbb51c9038875190354a7dfcfc65974ebf33f7d3f10", + "name": "tests/units/modules/test_cp_mgmt_access_layer.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2e3b4731b4f63d81cbe6faf70b8ff3f12d6314e40a17b240656c3675b763c0a7", + "name": "tests/units/modules/test_cp_mgmt_access_layer_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1098f3b942332481807ec91847b750993ae9129f31c657ca2fa37761e0fbbf25", + "name": "tests/units/modules/test_cp_mgmt_access_role.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "da6c7d554758a05fcefe60129ef8b3065d1eef1bf41105b759c13518deea238a", + "name": "tests/units/modules/test_cp_mgmt_access_role_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7fdbec735156a21036a6efdbeac5f739bb16f428966f4ad219d63628cccf1ceb", + "name": "tests/units/modules/test_cp_mgmt_access_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "b9bfbe5bd3dee964bb71094498d6c7cbfac7215b0c6777a889503ffa522129ff", + "name": "tests/units/modules/test_cp_mgmt_access_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "23a73381edc1497d0998c01fba4ff7e192c497a3cc876073b7195ab4a1a28919", + "name": "tests/units/modules/test_cp_mgmt_address_range.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "eefdbe1a87fec458d0aad4222957e03bfd7230fbf597f8dabe533248eb7a1490", + "name": "tests/units/modules/test_cp_mgmt_address_range_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e1297d7ba1c62f880d52cf5d7bc2bf45e11f15a39baf293d563ccb71f1b17cc4", + "name": "tests/units/modules/test_cp_mgmt_add_api_key.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "4b54eb105d9690dcd5c6db7ab8494fcf755643fc81f43bc4bf63f26c22e47257", + "name": "tests/units/modules/test_cp_mgmt_add_data_center_object.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "4ecae15f5095db12e5359ac3ac3b3645a79ee6e680995d099c731c32da2a35bd", + "name": "tests/units/modules/test_cp_mgmt_data_center_object_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "3f16dcc30d79476a959870d7e9e476fc9a7e2ecbe38153f11b2cf1f40865b2a1", + "name": "tests/units/modules/test_cp_mgmt_delete_api_key.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8a5f61be541d51f3d9514f0672787f7c6332b7b6d2ecdf62eecf31f5acc1ae3e", + "name": "tests/units/modules/test_cp_mgmt_delete_data_center_object.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7180520502b5bbede8a14f2c2521e1d5b0eb1146a47550b99cf4cc388e0a2dbd", + "name": "tests/units/modules/test_cp_mgmt_show_access_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "200b553690c44dacdbf6a4ace5049f1427f4226ce5d8f7f797629640a13f9b63", + "name": "tests/units/modules/test_cp_mgmt_https_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "717df66aabecf9096e09c99c6f099335758222d0b9e4c44cbe8da9e6e0a7fa40", + "name": "tests/units/modules/test_cp_mgmt_nat_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "053ab71fa6b25ae7a209b58810c4cc885179ce883d3a0434708592993039482e", + "name": "tests/units/modules/test_cp_mgmt_access_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "21d8d4df3d2786737a25441ca85dad8ddffbd47242bff03c6fad3ca682593b00", + "name": "tests/units/modules/test_cp_mgmt_show_https_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "77f6179900d0ebd641e6e8488771efd914ba55ffc31614f268da2ecdc78baac4", + "name": "tests/units/modules/test_cp_mgmt_show_nat_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "0defe75da109c1b68f8e7dfede9ee223ffafb6ef16eea7591b4ce4947e697d0b", + "name": "tests/units/modules/test_checkpoint_host.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "797ae7d20104b0c375d9bf92c8853738bc7af2f16fd56676092efdc4e19336e1", + "name": "tests/units/modules/test_checkpoint_session.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "0defe75da109c1b68f8e7dfede9ee223ffafb6ef16eea7591b4ce4947e697d0b", + "name": "tests/units/modules/test_checkpoint_task_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f0bf1522c73ee4c935dbe2d060f3d01a924d01d68dbaf7e3bba1a1ea3cac9105", + "name": "tests/units/modules/test_checkpoint_access_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "59986dd3a1667bb8086341c9d8a08b5119215d93c761aa7db5caa64344629791", + "name": "tests/units/modules/test_cp_mgmt_uninstall_software_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d74c8b4e8ef2fc36a16fd4a4ad4942fa02fde1ae9746e354fa0a16f50332ee46", + "name": "tests/units/modules/test_cp_mgmt_verify_software_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f6dde7f737e4efa372d1e3af3fca3b04c7cb20037581dd9fb2d7567b3124a309", + "name": "tests/units/modules/test_cp_mgmt_install_software_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e154ff5aa62d14d4dadd1af860bb6c98a0e6bac57565104969a48719080d3387", + "name": "tests/units/modules/test_cp_mgmt_show_software_package_details.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "87d7f8a5c4080b1d0079f52659ab04ef7ebb5cebf3dc797b781ff4598ca2c414", + "name": "tests/units/modules/test_cp_mgmt_delete_nat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ea95691323673cb5c61290c0e61175720ae7ccdf062e63f88bca65123f2cc96f", + "name": "tests/units/modules/test_cp_mgmt_nat_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7c93ded0f03e9f11f49a34a5ad75abb58d9cc3b8ded956ffb9c2522f2f85199f", + "name": "tests/units/modules/test_cp_mgmt_set_nat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c00fe6d07d01e0f9e83461049e3a1c87201c9811b39c80ad24dd2f988a625795", + "name": "tests/units/modules/test_cp_mgmt_add_nat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "tests/units/plugins", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "tests/units/plugins/httpapi", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "82581afd8bcc69d8c58a0728ffd53af1c6e2762a490c4c484c2098f773c5fa1f", + "name": "tests/units/plugins/httpapi/test_checkpoint.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "tests/integration", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "roles", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "plugins", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "plugins/module_utils", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5a170571509d0039c80d06719c0e131f251d2f5e1938f010e0f8478c42714c43", + "name": "plugins/module_utils/checkpoint.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "plugins/modules", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "30a51d62155ade7fc7ae180209d917f5c05a54f81f6a7a8b93e6e1202694d929", + "name": "plugins/modules/cp_mgmt_wildcard_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "aae7665c2ed5e6dc6de40b3e68b6734bdc67103d603000228137d622de0326ca", + "name": "plugins/modules/cp_mgmt_wildcard.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5c8180f0e73863324465fcf7ca3c0dc90567908fd5ed5c871b3a4688c522712d", + "name": "plugins/modules/cp_mgmt_vpn_community_star_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "821aba1ab8986f9c63b8e78ceaaebd3d3d79976d6e7498f9065553bed09e35f8", + "name": "plugins/modules/cp_mgmt_vpn_community_star.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f7defc4a4327f713d73c6ff8801e9b25e331c98b9f2a5a73349fc4be70d73c90", + "name": "plugins/modules/cp_mgmt_vpn_community_meshed_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8ab6f9ed0c2a9ae3a231cd891e71bb7632c189107237279b9cb74588460c1311", + "name": "plugins/modules/cp_mgmt_vpn_community_meshed.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2e1f122ded8f6abe8b3fb36a468f796092f2b430c4fd751b8dfd502783d4cf17", + "name": "plugins/modules/checkpoint_host_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "203ef6e612baae905e38ed07ec95b6d9614cb96c63fda1bb36cf1a4b88e2ec3f", + "name": "plugins/modules/cp_mgmt_time_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "6aed5093d5bfea911dd4d7b3dbd75a77355f73103e65fc091ba195a30299938e", + "name": "plugins/modules/cp_mgmt_time.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f4b658fd7c10065bd81925504fff15fed575327428232c4b6ec6f5f4ad333609", + "name": "plugins/modules/cp_mgmt_threat_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7acc4be755ee96e3d5f89da871a164307507cf8a8a2a7452f1e9bf9fd48f9152", + "name": "plugins/modules/cp_mgmt_threat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ae78e233a5753a15dec0426ca7b0e8ee63f4d2fff210422463f69ac82db17d51", + "name": "plugins/modules/cp_mgmt_threat_protection_override.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "943a83888f419d3ab99a5a50a5a5062c824cad7f8cbb4a94c0c665a117388b4f", + "name": "plugins/modules/cp_mgmt_threat_profile_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ca95263585fce0984a12cc9b2dc5e0678b891570b42dafcef8dfb228aa4cbe14", + "name": "plugins/modules/cp_mgmt_threat_profile.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "dd9a216240cdb834a1213a0b2990d9afae683ef9121c7128a2352be3a8251336", + "name": "plugins/modules/cp_mgmt_threat_layer_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f1a9ba5ad5077d15574cf013e99ab4a60f3329a18a1d8b3ae18b1f63846b7461", + "name": "plugins/modules/cp_mgmt_threat_layer.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "32073accf4b215d1cc67b2fabd5fdd474b5b5a1fbfb75885a8431f4b8c582f64", + "name": "plugins/modules/cp_mgmt_threat_indicator_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "429f3a438879a596b832219e1ec89f32eab39d501dadcf88f408224ec6865a77", + "name": "plugins/modules/cp_mgmt_threat_indicator.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "81f03ad0a5e84a40aa23f2e9a1e0b70a6bd31134ef7b86be4743638fe51e21ec", + "name": "plugins/modules/cp_mgmt_threat_exception_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "469a441b0020643a668e831f5ef51187d45f85926846821ac34a5c1d407676c4", + "name": "plugins/modules/cp_mgmt_threat_exception.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "30bc5409d7d964f221d0b5d8042fd78c7b4cdfb6b54daaa803f2cda09b251a82", + "name": "plugins/modules/cp_mgmt_tag_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c15b59332e62d08965cb3a60cd7abd56345db3f698d626ac030d850bc0d4b690", + "name": "plugins/modules/cp_mgmt_tag.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "cf2ec3a66434853e2f31e9ffdd2bc5aadb904b1ffa267a95f13449c4ba25f650", + "name": "plugins/modules/cp_mgmt_simple_gateway_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "51b21eb3866d5c36310d2aaef1e4693076b5a7b5465a3ff14676b22526e57a06", + "name": "plugins/modules/cp_mgmt_simple_gateway.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d64a029396ebbe4d054c1a9f957905739afcd9dcb299d103dce4d1bbb1c8ef32", + "name": "plugins/modules/cp_mgmt_session_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f6841ec8237e17394f814d9878ad9f452bf9d44ca9e53d948524a7de20d79492", + "name": "plugins/modules/cp_mgmt_service_udp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "886bb9e51645ca48424d6f2ec7acde86b2ce5ee92de85d3eef6a07e9bd733796", + "name": "plugins/modules/cp_mgmt_service_udp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e4d3e7f80b6073edfd1f210cb3c48308105f741f57e501e88fa6b831601c5538", + "name": "plugins/modules/cp_mgmt_service_tcp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f9dd107254ec76b53004c6ae87d1f8b74bf73d2efaa82fd54e5e3bd574fa9720", + "name": "plugins/modules/cp_mgmt_service_tcp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "113f9a9ff9d98f949d356457150b5b4e0f37172123a64fc5b8f92e68a7323922", + "name": "plugins/modules/cp_mgmt_service_sctp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "922f2ab77babeb7d5e9c1d67e2903494cea78c8a1623f6e25746e86f21ccd72a", + "name": "plugins/modules/cp_mgmt_service_sctp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "cfda5aada37347a89254f672052260bc3177ce19b8e520836cbaa1ccf1584ec6", + "name": "plugins/modules/cp_mgmt_service_rpc_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "236bfdfb880d23f0a95c50d81251ddaa7a7f067d6a738328ead112e9bc1f48d4", + "name": "plugins/modules/cp_mgmt_service_rpc.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "8f103b903fb1338715582d960fcf0f91e72257e88fdc5e768df7ef7d98dee473", + "name": "plugins/modules/cp_mgmt_service_other_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7f06640057df34323f10e12f91ecd8861a7cf98839afa2511c7279327ee5dea1", + "name": "plugins/modules/cp_mgmt_service_other.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9811cf0a36b30fe53eeeb287a560b9a97e5cc24b3b01e50c53b55eeea85a8366", + "name": "plugins/modules/cp_mgmt_service_icmp_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2829961762bce9d268045f8626efe223f4a7416da6105e357b4580314c6082ec", + "name": "plugins/modules/cp_mgmt_service_icmp6_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "0fe52d0ff2f851032f970fe38bdbeee2a4636c61dac7a4e074d5cbcacade60bf", + "name": "plugins/modules/cp_mgmt_service_icmp6.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "18c80bc3d761d16f7ed73fdaa2105f186485cee8f50e08a1fd7e121a2e1abb55", + "name": "plugins/modules/cp_mgmt_service_icmp.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1ca2dab4305e11f8a65e6287a27f69ed0fa58f95911c6965e97554222089a864", + "name": "plugins/modules/cp_mgmt_service_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1d9b458cba4d10548beec5d99409bb85e0608c5e276ab5dfadab06dfd09ec2bb", + "name": "plugins/modules/cp_mgmt_service_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "fc366802759f6ca00bdcacda9514b78145a7da067b16b90c1d0e7de0f7f01072", + "name": "plugins/modules/cp_mgmt_service_dce_rpc_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "05f87d03d4e68d3684b02ee0ec020c30ac71dd83529d4df1cb9f32c8a6848963", + "name": "plugins/modules/cp_mgmt_service_dce_rpc.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "4956c3304e531d295d105525420c41f3ddbf1ca0f15028ed31ec316b53514163", + "name": "plugins/modules/cp_mgmt_security_zone_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c2f0f78b695b58192d749fe538cbbfb988c9bd3948fcfb3fba117089941536e6", + "name": "plugins/modules/cp_mgmt_security_zone.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9273c24b347b922f8b4130c57f41957f7c4fb7186f6f7f7877c8269c5f69abf2", + "name": "plugins/modules/cp_mgmt_run_script.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "030ee399a368ed233270f750d5118b216331a79a1c71eb693e8d0e9165cf10b6", + "name": "plugins/modules/cp_mgmt_run_ips_update.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7a3d8911ed92bcdfc35fee8a580ee5443e0115f5be5f8c88045c262ccf175a37", + "name": "plugins/modules/cp_mgmt_put_file.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c30e7c4478a2e434530cf6a0438afc7427da32e7761b895c6bf4f0d29900f93b", + "name": "plugins/modules/cp_mgmt_publish.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "60b888f5f2bbc8f3d7e364dfd760c95cc9512e308934a91582a1d074002104a8", + "name": "plugins/modules/cp_mgmt_package_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "461807003177ef0b07ee452140feb41c1824be0ce01f6d137d645d2405727d6b", + "name": "plugins/modules/cp_mgmt_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d19519bb0c85e10ac338153389206e4291274bd870adb2b786f2ee22fb3e187d", + "name": "plugins/modules/cp_mgmt_network_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d8307ac3d45f6551c43bd81b81cb3444778b319744a04030e9d530ab92f2f580", + "name": "plugins/modules/cp_mgmt_network.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7dfbddaebc213cf595f8ba25e8f9d2e443378d92f2e4e673789fbd024c87ca56", + "name": "plugins/modules/cp_mgmt_multicast_address_range_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "20ce102984adfdf780470db3705481697defbba9d26d2fbad75690f817425b39", + "name": "plugins/modules/cp_mgmt_multicast_address_range.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "aeb5fd2ee01414c8ff02b473903efd8c958bbdfa59c40dd20a2b21124449a90b", + "name": "plugins/modules/cp_mgmt_mds_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d2a6d449708fc709745ed85b8b5b0d755c86bce404cfd6472dae7ca15a3af4a5", + "name": "plugins/modules/cp_mgmt_install_policy.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ca4cdfdcde9d14f81b031ad13fefb2ebee0bc2bc82c9ee3ed39c74ec6955fc00", + "name": "plugins/modules/cp_mgmt_host_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "758d584381c91067b3b1d4888383247938be6f6c56e46fa92acc50bee8d31b7c", + "name": "plugins/modules/checkpoint_session.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "dc5e1eb32b38af38b8310c14cb5e900ec87dca2b2e0ff72302deee1415e5994b", + "name": "plugins/modules/cp_mgmt_group_with_exclusion_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5725bfa90e46759c3a2f6027c347137c2ffc821eb490406aa0d6adef60c8ec14", + "name": "plugins/modules/cp_mgmt_group_with_exclusion.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ac45d955fe4a208faee1322b9ef39a0f86e5b4185c1b0d11c84cb56fbd31306f", + "name": "plugins/modules/cp_mgmt_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "093549dbf84ce45fe70a8c28d7f5bd6b89c24ab1c8f26d5f4a94e3b60806b6b6", + "name": "plugins/modules/cp_mgmt_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "335c4a8bf2c16c1dd1d3f42ef6c1bbf5dbdb11e099411e8a548dcf2e053b370a", + "name": "plugins/modules/cp_mgmt_global_assignment_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "19efe77b56c8572a95687b1380040ece4c4a72a7cbf4b8fbc53a3c1f7287d7f9", + "name": "plugins/modules/cp_mgmt_global_assignment.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e39873b5322df729eec5e7e6e74800d6fa652460816529c3c070bacead2ed397", + "name": "plugins/modules/cp_mgmt_exception_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "07dab1838cdf81f5943dcdbe61acbe895308b11560021e07fb6647d43b4c7e52", + "name": "plugins/modules/cp_mgmt_exception_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9e5291c5a0f9694828516e6b3f74a9919f46a6eba83faded751fd156a93db6ad", + "name": "plugins/modules/cp_mgmt_dynamic_object_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e1d62589da57b8d5fbf4dd0b01685b6f152d9bbb81f1f3912c6e1ccaceba134a", + "name": "plugins/modules/cp_mgmt_dynamic_object.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1df2a7c7fae5251ae80a6f27d9c2e077de8f48716399fe1c96c3fb4c94a44f72", + "name": "plugins/modules/cp_mgmt_dns_domain_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7f48bdbe4de365f2541565528e8c52e8534f7c59289ab087a02078953500ec57", + "name": "plugins/modules/cp_mgmt_dns_domain.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "78a9ddc6d0745138eaa19586fc86c0c9b69323de914b08b5461ab712a228d608", + "name": "plugins/modules/cp_mgmt_discard.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "76dd4ee21bfe3723dd9a4baffc70687d4f28bdc0a2605dc61d986bcbc024558f", + "name": "plugins/modules/cp_mgmt_assign_global_assignment.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "7c1bfe577a91f61eb3fdb7229f664ee24eaba53c93b6ab6676e2f4508c724408", + "name": "plugins/modules/cp_mgmt_application_site_group_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e604a9bb796f31f6ab402ddfd6c31cd614a83b1c17f9e946424a8db53fea381f", + "name": "plugins/modules/cp_mgmt_application_site_group.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ca808fa16655802b0dd4c72e529561714d039326e99d42481cc335fc7fa8fa5b", + "name": "plugins/modules/cp_mgmt_application_site_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "cbf17e7c7cd18d4bbe6df457cfec4759be99e7d388114726b78cd69281654b71", + "name": "plugins/modules/cp_mgmt_application_site_category_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "dd5d1001aa733da9bd98cfa05b542c18bc78cc3343edb9d26fa5f6ab4d9eee88", + "name": "plugins/modules/cp_mgmt_application_site_category.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "76a299728d6e59b5984ef641f631abbdccbee0f6a24c381357f8f8c358802c1a", + "name": "plugins/modules/cp_mgmt_application_site.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9baf0ddd87932274bac37aa59ea33dbc403213fd5c37c1687f238920d3c64831", + "name": "plugins/modules/cp_mgmt_administrator_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "27dea8a136ff87ae3ca590f96b33ed227927f01ae2f1e8f45a7462d6c919d588", + "name": "plugins/modules/cp_mgmt_administrator.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "4ea5dd6fe5a7e94d7045ae4ca4969fc2dec240112c2d908168222e30cbabee05", + "name": "plugins/modules/cp_mgmt_address_range_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e16532cc4556e117b0987ff6cc2e7b0ae7b19db52b7c3c42ba34e6fcba029c98", + "name": "plugins/modules/cp_mgmt_address_range.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "0e345293aa0e8adc1dbb6f7dc49d3d82499e36b2ad81731cadd34478bcf52ffc", + "name": "plugins/modules/cp_mgmt_access_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "50320b18852ea48caf6763dfa04d0ffcc5691041058de5f0d22365605e814d6d", + "name": "plugins/modules/cp_mgmt_access_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "83c666c2c200d2dee25829d59d3ac97e24dace72b1681b20afb4ccb9c675978c", + "name": "plugins/modules/cp_mgmt_access_role_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ba259cd728b852191d6175929105063ff9371be9fde9590b5a3a92dd01441a14", + "name": "plugins/modules/cp_mgmt_access_role.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "217f45b9ac10f45ee7398735d1ae30dd268b8448f979be3bab5a6768f541f89c", + "name": "plugins/modules/cp_mgmt_access_layer_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2e41b575196ef63195bbab20029046c949d925a6304e7356a2879fbdb1352583", + "name": "plugins/modules/cp_mgmt_access_layer.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "21fb12e938e02cfc8ea94865877a124ff1b024d7735a9cf10da0160b394a5b1c", + "name": "plugins/modules/cp_mgmt_delete_api_key.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c8ddc15576b50911bcde9fd322f6806d0e98fe3211cb03eab5d5342557d2239e", + "name": "plugins/modules/cp_mgmt_verify_policy.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "13ed6796bdab0b710f366f173f90af6d09fbae7090fe1c5d10e7efc7ed844372", + "name": "plugins/modules/cp_mgmt_add_api_key.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "c18c3458bc08224a2238779406591985606dc72fcf408c47639f51ea93f878ac", + "name": "plugins/modules/cp_mgmt_data_center_object_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e67946f55278501245c01a1f745d30ffa85adb4c32cf021edf095c6af1a387e6", + "name": "plugins/modules/cp_mgmt_delete_data_center_object.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "1e42a83bb0f7c67416524a67bd08fcb57d42fd58a87f9e3920575857d82a2588", + "name": "plugins/modules/cp_mgmt_add_data_center_object.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "6c4a33c2bce265d40c54f7d4d3253c5d31721cca6b823979c2c97ed1f6414416", + "name": "plugins/modules/cp_mgmt_show_task.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d68ac24b4d4b997323c4be377eb4b385768388632c7cdefdb3a3679dfa3b1d48", + "name": "plugins/modules/cp_mgmt_show_tasks.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "235418bc4e7b9c2675de6c14912129b4395dd64dc86a969d686c962b8d4925a6", + "name": "plugins/modules/cp_mgmt_host.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "b2cf23a6b2f0483f0b2153e91244ffef5298b29bcfb415e183ae2ceffd66f0e7", + "name": "plugins/modules/cp_mgmt_show_access_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "44a3b063e8e80481517c04efdce609decd31dc2f66429b9cf5fa7a5870414a46", + "name": "plugins/modules/cp_mgmt_https_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5862c42227062aec6d090712c65d2b8b43bb6a9dc004189aa1e8e3df58e34ee6", + "name": "plugins/modules/cp_mgmt_nat_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "db5f96145d306569d49d7f6e55004c7828171e7ffc02dd0d47ac91625e05de60", + "name": "plugins/modules/cp_mgmt_access_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "d047057811207e75be75fb8e0e23c7d8f4afa1f271e3ec0c7ce2ffec92f0773b", + "name": "plugins/modules/cp_mgmt_show_https_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "fdf0ea93cab99f22c796d2318c2afe0e0b0d0173fb5b7f86ac47031583444d68", + "name": "plugins/modules/cp_mgmt_show_nat_section.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "fb333796416174dfee2bf12c7d2e637cb78c29bd83312eb80a01c38356ddb945", + "name": "plugins/modules/checkpoint_object_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2ee6475a619e608cdc88293bc14f23f05aafd910144b8b925f657dc5a5fe55d8", + "name": "plugins/modules/checkpoint_run_script.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f74486b97be08dca2bb45d3e0e2a396d81bd16995eb93ccd62f549829e5fcb5a", + "name": "plugins/modules/checkpoint_task_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2f50c27787ca917b106546bf74dc901bbe3b24e25555820dd40cd95b5490ed9a", + "name": "plugins/modules/checkpoint_access_layer_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ae0ffbfcdda0dfb7397c2590bf466be8e8b5cb329499d423410ef30401a9ef20", + "name": "plugins/modules/checkpoint_access_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "2f3a082542bbd45b69597bda4a84d704df1e2abdce936d3457d743c8a90bfae3", + "name": "plugins/modules/checkpoint_access_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ff7b86deee864db81cf22289a878c8196aea3b1bfb2fbe54b97ab9150487afee", + "name": "plugins/modules/checkpoint_host.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "64577b87da151503c86c08da4050f138b4ba5f322b5eb8d822414f551375cadb", + "name": "plugins/modules/cp_mgmt_delete_nat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "5a7348c5b24e325e771ad7a72a13a1785abcedc296ad3ce019a2f74038363789", + "name": "plugins/modules/cp_mgmt_nat_rule_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "fedabe68dd7027b3102565bccf373e96a4badadee4142c71c0dfb147c98b0d48", + "name": "plugins/modules/cp_mgmt_set_nat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "9fde7aeebe809ab0dad0f95ca7e2a52fc169e79263b528f2ffd968e6826f8985", + "name": "plugins/modules/cp_mgmt_add_nat_rule.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "f6b8bed03a6c15a9e9e15a9accbc976386ce8c88a66952852ed20b769a1d6c4f", + "name": "plugins/modules/cp_mgmt_uninstall_software_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "ced58293bc1a023dbf010051216d0e149c7521304398df28c4637801529aebda", + "name": "plugins/modules/cp_mgmt_verify_software_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "904db8cd1f2061c4ed2c6ce1f6c359e53d637dc1f7d627089ec7077b9e3f3d0c", + "name": "plugins/modules/cp_mgmt_install_software_package.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "e0e94215740061e2e00420e372f9b147c865bbc26246826029f80d520ea2177d", + "name": "plugins/modules/cp_mgmt_show_software_package_details.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "plugins/httpapi", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "17a9a9ccae95eba887c2f81e41a2edf660e10a491f5bf982a2cb514398b91408", + "name": "plugins/httpapi/checkpoint.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "plugins/doc_fragments", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "650d4330b2450c48f73f7e2df21b98198d879a4b55599d2dd973a79251a0204b", + "name": "plugins/doc_fragments/checkpoint_objects.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "82c20efa3cc5dd847af5bcd3f9cf37dd913c4f7df6f95eefb4549abf598feebe", + "name": "plugins/doc_fragments/checkpoint_facts.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "93cc815de1b4bac41f588f49c16be88f3a73ce22b8db3c923c3552af3e1fbd9d", + "name": "plugins/doc_fragments/checkpoint_commands.py", + "chksum_type": "sha256", + "format": 1 + }, + { + "ftype": "dir", + "chksum_sha256": null, + "name": "docs", + "chksum_type": null, + "format": 1 + }, + { + "ftype": "file", + "chksum_sha256": "de484bee564c1e5b5a2165bbac454511dd054693c3358a5d144408a832c1c68c", + "name": "README.md", + "chksum_type": "sha256", + "format": 1 + } + ], + "format": 1 +}
\ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/MANIFEST.json b/collections-debian-merged/ansible_collections/check_point/mgmt/MANIFEST.json new file mode 100644 index 00000000..2918d0f8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/MANIFEST.json @@ -0,0 +1,32 @@ +{ + "collection_info": { + "description": "Check Point collection for the Management Server", + "repository": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection", + "tags": [ + "security" + ], + "dependencies": {}, + "authors": [ + "Or Soffer <orso@checkpoint.com>" + ], + "issues": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues", + "name": "mgmt", + "license": [ + "GPL-2.0-or-later" + ], + "documentation": "https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#check-point", + "namespace": "check_point", + "version": "1.0.6", + "readme": "README.md", + "license_file": null, + "homepage": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection" + }, + "file_manifest_file": { + "format": 1, + "ftype": "file", + "chksum_sha256": "d1b4efb8d2b30b57be6b982eff90ba710c5e98d6b16b30bb6b1c861134cbf5d2", + "name": "FILES.json", + "chksum_type": "sha256" + }, + "format": 1 +}
\ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/README.md b/collections-debian-merged/ansible_collections/check_point/mgmt/README.md new file mode 100644 index 00000000..a172a754 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/README.md @@ -0,0 +1,177 @@ +# Check Point Ansible Mgmt Collection +This Ansible collection provides control over a Check Point Management server using +Check Point's web-services APIs. + +The Ansible Check Point modules reference can be found here: +https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#check-point +<br>Note - look only at the `cp_mgmt_*` modules, cause the `checkpoint_*` will be deprecated. + +This is the repository of the mgmt collection which can be found here - https://galaxy.ansible.com/check_point/mgmt + +Installation instructions +------------------------- +Run `ansible-galaxy collection install check_point.mgmt` + +Requirements +------------ +* Ansible 2.9+ is required. +* The Check Point server should be using the versions detailed in this SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114661 +* The Check Point server should be open for API communication from the Ansible server. + Open SmartConsole and check "Manage & Settings > Blades > Management API > Advanced settings". + +Usage +----- +1. Edit the `hosts` so that it will contain a section similar to this one: +``` +[check_point] +%CHECK_POINT_MANAGEMENT_SERVER_IP% +[check_point:vars] +ansible_httpapi_use_ssl=True +ansible_httpapi_validate_certs=False +ansible_user=%CHECK_POINT_MANAGEMENT_SERVER_USER% +ansible_password=%CHECK_POINT_MANAGEMENT_SERVER_PASSWORD% +ansible_network_os=check_point.mgmt.checkpoint +``` +Note - If you want to run against Ansible version 2.9 instead of the collection, just replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint` +<br><br>2. Run a playbook: +```sh +ansible-playbook your_ansible_playbook.yml +``` +or + +Run a playbook in "check mode": +```sh +ansible-playbook -C your_ansible_playbook.yml +``` +Example playbook: +``` +--- +- name: playbook name + hosts: check_point + connection: httpapi + tasks: + - name: task to have network + check_point.mgmt.cp_mgmt_network: + name: "network name" + subnet: "4.1.76.0" + mask_length: 24 + auto_publish_session: true + + vars: + ansible_checkpoint_domain: "SMC User" +``` +Note - If you want to run against Ansible version 2.9 instead of the collection, just replace `check_point.mgmt.cp_mgmt_network` with `cp_mgmt_network` + +### Notes: + 1. Because this Ansible module is controlling the management server remotely via the web API, + the Ansible server needs to have access to the Check Point API server. + Open `SmartConsole`, navigate to "Manage & Settings > Blades > Management API > Advanced settings" + and check the API server's accessibility set + 2. Ansible has a feature called "Check Mode" that enables you to test the + changes without actually changing anything. + 3. The login and logout happens automatically. + 4. If you want to login to a specific domain, in the playbook above in the `vars`secion change the domain name to + `ansible_checkpoint_domain` + 5. There are two ways to publish changes: + a. Set the `auto_publish_session` to `true` as displayed in the example playbook above. + This option will publish only the task which this parameter belongs to. + b. Add the task to publish to the `cp_mgmt_publish` module. + This option will publish all the tasks above this task. + 6. It is recommended by Check Point to use this collection over the modules of Ansible version 2.9 + 7. If you still want to use Ansible version 2.9 instead of this collection (not recommended): + a. In the `hosts` file replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint` + b. In the task in the playbook replace the module `check_point.mgmt.cp_mgmt_*` with the module `cp_mgmt_*` + 8. Starting from version 1.0.6, when running a command which returns a task-id, and the user chooses to wait for that task to finish + (the default is to wait), then the output of the command will be the output of the show-task command (instead of the task-id). + +Modules +------- +* `cp_mgmt_access_layer` – Manages access-layer objects on Check Point over Web Services API +* `cp_mgmt_access_layer_facts` – Get access-layer objects facts on Check Point over Web Services API +* `cp_mgmt_access_role` – Manages access-role objects on Check Point over Web Services API +* `cp_mgmt_access_role_facts` – Get access-role objects facts on Check Point over Web Services API +* `cp_mgmt_access_rule` – Manages access-rule objects on Check Point over Web Services API +* `cp_mgmt_access_rule_facts` – Get access-rule objects facts on Check Point over Web Services API +* `cp_mgmt_address_range` – Manages address-range objects on Check Point over Web Services API +* `cp_mgmt_address_range_facts` – Get address-range objects facts on Check Point over Web Services API +* `cp_mgmt_administrator` – Manages administrator objects on Check Point over Web Services API +* `cp_mgmt_administrator_facts` – Get administrator objects facts on Check Point over Web Services API +* `cp_mgmt_application_site` – Manages application-site objects on Check Point over Web Services API +* `cp_mgmt_application_site_category` – Manages application-site-category objects on Check Point over Web Services API +* `cp_mgmt_application_site_category_facts` – Get application-site-category objects facts on Check Point over Web Services API +* `cp_mgmt_application_site_facts` – Get application-site objects facts on Check Point over Web Services API +* `cp_mgmt_application_site_group` – Manages application-site-group objects on Check Point over Web Services API +* `cp_mgmt_application_site_group_facts` – Get application-site-group objects facts on Check Point over Web Services API +* `cp_mgmt_assign_global_assignment` – assign global assignment on Check Point over Web Services API +* `cp_mgmt_discard` – All changes done by user are discarded and removed from database +* `cp_mgmt_dns_domain` – Manages dns-domain objects on Check Point over Web Services API +* `cp_mgmt_dns_domain_facts` – Get dns-domain objects facts on Check Point over Web Services API +* `cp_mgmt_dynamic_object` – Manages dynamic-object objects on Check Point over Web Services API +* `cp_mgmt_dynamic_object_facts` – Get dynamic-object objects facts on Check Point over Web Services API +* `cp_mgmt_exception_group` – Manages exception-group objects on Check Point over Web Services API +* `cp_mgmt_exception_group_facts` – Get exception-group objects facts on Check Point over Web Services API +* `cp_mgmt_global_assignment` – Manages global-assignment objects on Check Point over Web Services API +* `cp_mgmt_global_assignment_facts` – Get global-assignment objects facts on Check Point over Web Services API +* `cp_mgmt_group` – Manages group objects on Check Point over Web Services API +* `cp_mgmt_group_facts` – Get group objects facts on Check Point over Web Services API +* `cp_mgmt_group_with_exclusion` – Manages group-with-exclusion objects on Check Point over Web Services API +* `cp_mgmt_group_with_exclusion_facts` – Get group-with-exclusion objects facts on Check Point over Web Services API +* `cp_mgmt_host` – Manages host objects on Check Point over Web Services API +* `cp_mgmt_host_facts` – Get host objects facts on Check Point over Web Services API +* `cp_mgmt_install_policy` – install policy on Check Point over Web Services API +* `cp_mgmt_mds_facts` – Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API +* `cp_mgmt_multicast_address_range` – Manages multicast-address-range objects on Check Point over Web Services API +* `cp_mgmt_multicast_address_range_facts` – Get multicast-address-range objects facts on Check Point over Web Services API +* `cp_mgmt_network` – Manages network objects on Check Point over Web Services API +* `cp_mgmt_network_facts` – Get network objects facts on Check Point over Web Services API +* `cp_mgmt_package` – Manages package objects on Check Point over Web Services API +* `cp_mgmt_package_facts` – Get package objects facts on Check Point over Web Services API +* `cp_mgmt_publish` – All the changes done by this user will be seen by all users only after publish is called +* `cp_mgmt_put_file` – put file on Check Point over Web Services API +* `cp_mgmt_run_ips_update` – Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center +* `cp_mgmt_run_script` – Executes the script on a given list of targets +* `cp_mgmt_security_zone` – Manages security-zone objects on Check Point over Web Services API +* `cp_mgmt_security_zone_facts` – Get security-zone objects facts on Check Point over Web Services API +* `cp_mgmt_service_dce_rpc` – Manages service-dce-rpc objects on Check Point over Web Services API +* `cp_mgmt_service_dce_rpc_facts` – Get service-dce-rpc objects facts on Check Point over Web Services API +* `cp_mgmt_service_group` – Manages service-group objects on Check Point over Web Services API +* `cp_mgmt_service_group_facts` – Get service-group objects facts on Check Point over Web Services API +* `cp_mgmt_service_icmp` – Manages service-icmp objects on Check Point over Web Services API +* `cp_mgmt_service_icmp6` – Manages service-icmp6 objects on Check Point over Web Services API +* `cp_mgmt_service_icmp6_facts` – Get service-icmp6 objects facts on Check Point over Web Services API +* `cp_mgmt_service_icmp_facts` – Get service-icmp objects facts on Check Point over Web Services API +* `cp_mgmt_service_other` – Manages service-other objects on Check Point over Web Services API +* `cp_mgmt_service_other_facts` – Get service-other objects facts on Check Point over Web Services API +* `cp_mgmt_service_rpc` – Manages service-rpc objects on Check Point over Web Services API +* `cp_mgmt_service_rpc_facts` – Get service-rpc objects facts on Check Point over Web Services API +* `cp_mgmt_service_sctp` – Manages service-sctp objects on Check Point over Web Services API +* `cp_mgmt_service_sctp_facts` – Get service-sctp objects facts on Check Point over Web Services API +* `cp_mgmt_service_tcp` – Manages service-tcp objects on Check Point over Web Services API +* `cp_mgmt_service_tcp_facts` – Get service-tcp objects facts on Check Point over Web Services API +* `cp_mgmt_service_udp` – Manages service-udp objects on Check Point over Web Services API +* `cp_mgmt_service_udp_facts` – Get service-udp objects facts on Check Point over Web Services API +* `cp_mgmt_session_facts` – Get session objects facts on Check Point over Web Services API +* `cp_mgmt_simple_gateway` – Manages simple-gateway objects on Check Point over Web Services API +* `cp_mgmt_simple_gateway_facts` – Get simple-gateway objects facts on Check Point over Web Services API +* `cp_mgmt_tag` – Manages tag objects on Check Point over Web Services API +* `cp_mgmt_tag_facts` – Get tag objects facts on Check Point over Web Services API +* `cp_mgmt_threat_exception` – Manages threat-exception objects on Check Point over Web Services API +* `cp_mgmt_threat_exception_facts` – Get threat-exception objects facts on Check Point over Web Services API +* `cp_mgmt_threat_indicator` – Manages threat-indicator objects on Check Point over Web Services API +* `cp_mgmt_threat_indicator_facts` – Get threat-indicator objects facts on Check Point over Web Services API +* `cp_mgmt_threat_layer` – Manages threat-layer objects on Check Point over Web Services API +* `cp_mgmt_threat_layer_facts` – Get threat-layer objects facts on Check Point over Web Services API +* `cp_mgmt_threat_profile` – Manages threat-profile objects on Check Point over Web Services API +* `cp_mgmt_threat_profile_facts` – Get threat-profile objects facts on Check Point over Web Services API +* `cp_mgmt_threat_protection_override` – Edit existing object using object name or uid +* `cp_mgmt_threat_rule` – Manages threat-rule objects on Check Point over Web Services API +* `cp_mgmt_threat_rule_facts` – Get threat-rule objects facts on Check Point over Web Services API +* `cp_mgmt_time` – Manages time objects on Check Point over Web Services API +* `cp_mgmt_time_facts` – Get time objects facts on Check Point over Web Services API +* `cp_mgmt_verify_policy` – Verifies the policy of the selected package +* `cp_mgmt_vpn_community_meshed` – Manages vpn-community-meshed objects on Check Point over Web Services API +* `cp_mgmt_vpn_community_meshed_facts` – Get vpn-community-meshed objects facts on Check Point over Web Services API +* `cp_mgmt_vpn_community_star` – Manages vpn-community-star objects on Check Point over Web Services API +* `cp_mgmt_vpn_community_star_facts` – Get vpn-community-star objects facts on Check Point over Web Services API +* `cp_mgmt_wildcard` – Manages wildcard objects on Check Point over Web Services API +* `cp_mgmt_wildcard_facts` – Get wildcard objects facts on Check Point over Web Services API diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py new file mode 100644 index 00000000..9c5afafc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + wait_for_task: + description: + - Wait for the task to end. Such as publish task. + type: bool + default: True + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py new file mode 100644 index 00000000..90afb52a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py new file mode 100644 index 00000000..ffe7a602 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py @@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + state: + description: + - State of the access rule (present or absent). Defaults to present. + type: str + default: present + choices: + - 'present' + - 'absent' + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + wait_for_task: + description: + - Wait for the task to end. Such as publish task. + type: bool + default: True + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py new file mode 100644 index 00000000..52755f6e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py @@ -0,0 +1,104 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +DOCUMENTATION = """ +--- +author: Ansible Networking Team +httpapi : checkpoint +short_description: HttpApi Plugin for Checkpoint devices +description: + - This HttpApi plugin provides methods to connect to Checkpoint + devices over a HTTP(S)-based api. +version_added: "2.8" +options: + domain: + type: str + description: + - Specifies the domain of the Check Point device + vars: + - name: ansible_checkpoint_domain + api_key: + type: str + description: + - Login with api-key instead of user & password + vars: + - name: ansible_api_key +""" + +import json + +from ansible.module_utils.basic import to_text +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.six.moves.urllib.error import HTTPError +from ansible.plugins.httpapi import HttpApiBase +from ansible.module_utils.connection import ConnectionError + +BASE_HEADERS = { + 'Content-Type': 'application/json', + 'User-Agent': 'Ansible', +} + + +class HttpApi(HttpApiBase): + def login(self, username, password): + payload = {} + cp_domain = self.get_option('domain') + cp_api_key = self.get_option('api_key') + if cp_domain: + payload['domain'] = cp_domain + if username and password and not cp_api_key: + payload['user'] = username + payload['password'] = password + elif cp_api_key and not username and not password: + payload['api-key'] = cp_api_key + else: + raise AnsibleConnectionFailure('[Username and password] or api_key are required for login') + url = '/web_api/login' + response, response_data = self.send_request(url, payload) + + try: + self.connection._auth = {'X-chkp-sid': response_data['sid']} + self.connection._session_uid = response_data['uid'] + except KeyError: + raise ConnectionError( + 'Server returned response without token info during connection authentication: %s' % response) + + def logout(self): + url = '/web_api/logout' + + response, dummy = self.send_request(url, None) + + def get_session_uid(self): + return self.connection._session_uid + + def send_request(self, path, body_params): + data = json.dumps(body_params) if body_params else '{}' + + try: + self._display_request() + response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS) + value = self._get_response_value(response_data) + + return response.getcode(), self._response_to_json(value) + except AnsibleConnectionFailure as e: + return 404, e.message + except HTTPError as e: + error = json.loads(e.read()) + return e.code, error + + def _display_request(self): + self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url)) + + def _get_response_value(self, response_data): + return to_text(response_data.getvalue()) + + def _response_to_json(self, response_text): + try: + return json.loads(response_text) if response_text else {} + # JSONDecodeError only available on Python 3.5+ + except ValueError: + raise ConnectionError('Invalid JSON response: %s' % response_text) diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py new file mode 100644 index 00000000..64c87afa --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py @@ -0,0 +1,493 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2018 Red Hat Inc. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +import time + +from ansible.module_utils.connection import Connection + +checkpoint_argument_spec_for_objects = dict( + auto_publish_session=dict(type='bool'), + wait_for_task=dict(type='bool', default=True), + state=dict(type='str', choices=['present', 'absent'], default='present'), + version=dict(type='str') +) + +checkpoint_argument_spec_for_facts = dict( + version=dict(type='str') +) + +checkpoint_argument_spec_for_commands = dict( + wait_for_task=dict(type='bool', default=True), + version=dict(type='str') +) + +delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'rule-name', 'package'] + + +# parse failure message with code and response +def parse_fail_message(code, response): + return 'Checkpoint device returned error {0} with message {1}'.format(code, response) + + +# send the request to checkpoint +def send_request(connection, version, url, payload=None): + code, response = connection.send_request('/web_api/' + version + url, payload) + + return code, response + + +# get the payload from the user parameters +def is_checkpoint_param(parameter): + if parameter == 'auto_publish_session' or \ + parameter == 'state' or \ + parameter == 'wait_for_task' or \ + parameter == 'version': + return False + return True + + +# build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well +def get_payload_from_parameters(params): + payload = {} + for parameter in params: + parameter_value = params[parameter] + if parameter_value is not None and is_checkpoint_param(parameter): + if isinstance(parameter_value, dict): + payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value) + elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict): + payload_list = [] + for element_dict in parameter_value: + payload_list.append(get_payload_from_parameters(element_dict)) + payload[parameter.replace("_", "-")] = payload_list + else: + # special handle for this param in order to avoid two params called "version" + if parameter == "gateway_version": + parameter = "version" + + payload[parameter.replace("_", "-")] = parameter_value + return payload + + +# wait for task +def wait_for_task(module, version, connection, task_id): + task_id_payload = {'task-id': task_id, 'details-level': 'full'} + task_complete = False + current_iteration = 0 + max_num_iterations = 300 + + # As long as there is a task in progress + while not task_complete and current_iteration < max_num_iterations: + current_iteration += 1 + # Check the status of the task + code, response = send_request(connection, version, 'show-task', task_id_payload) + + attempts_counter = 0 + while code != 200: + if attempts_counter < 5: + attempts_counter += 1 + time.sleep(2) + code, response = send_request(connection, version, 'show-task', task_id_payload) + else: + response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \ + " undefined. " + response['message'] + module.fail_json(msg=parse_fail_message(code, response)) + + # Count the number of tasks that are not in-progress + completed_tasks = 0 + for task in response['tasks']: + if task['status'] == 'failed': + module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details' + .format(task['task-name'], task['task-id'])) + if task['status'] == 'in progress': + break + completed_tasks += 1 + + # Are we done? check if all tasks are completed + if completed_tasks == len(response["tasks"]): + task_complete = True + else: + time.sleep(2) # Wait for two seconds + if not task_complete: + module.fail_json(msg="ERROR: Timeout. Task-id: {0}.".format(task_id_payload['task-id'])) + else: + return response + + +# if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard` +def discard_and_fail(module, code, response, connection, version): + discard_code, discard_response = send_request(connection, version, 'discard') + if discard_code != 200: + module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session {0}' + ' with error {1} with message {2}'.format(connection.get_session_uid(), + discard_code, discard_response)) + module.fail_json(msg=parse_fail_message(code, response) + ' Unpublished changes were discarded') + + +# handle publish command, and wait for it to end if the user asked so +def handle_publish(module, connection, version): + if module.params['auto_publish_session']: + publish_code, publish_response = send_request(connection, version, 'publish') + if publish_code != 200: + discard_and_fail(module, publish_code, publish_response, connection, version) + if module.params['wait_for_task']: + wait_for_task(module, version, connection, publish_response['task-id']) + + +# if user insert a specific version, we add it to the url +def get_version(module): + return ('v' + module.params['version'] + '/') if module.params.get('version') else '' + + +# if code is 400 (bad request) or 500 (internal error) - fail +def handle_equals_failure(module, equals_code, equals_response): + if equals_code == 400 or equals_code == 500: + module.fail_json(msg=parse_fail_message(equals_code, equals_response)) + if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found': + module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.') + + +# handle call +def handle_call(connection, version, call, payload, module, to_publish, to_discard_on_failure): + code, response = send_request(connection, version, call, payload) + if code != 200: + if to_discard_on_failure: + discard_and_fail(module, code, response, connection, version) + else: + module.fail_json(msg=parse_fail_message(code, response)) + + if to_publish: + handle_publish(module, connection, version) + return response + + +# handle a command +def api_command(module, command): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + code, response = send_request(connection, version, command, payload) + result = {'changed': True} + + if code == 200: + if module.params['wait_for_task']: + if 'task-id' in response: + response = wait_for_task(module, version, connection, response['task-id']) + elif 'tasks' in response: + for task in response['tasks']: + if 'task-id' in task: + wait_for_task(module, version, connection, task['task-id']) + + result[command] = response + else: + discard_and_fail(module, code, response, connection, version) + + return result + + +# handle api call facts +def api_call_facts(module, api_call_object, api_call_object_plural_version): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + # if there is neither name nor uid, the API command will be in plural version (e.g. show-hosts instead of show-host) + if payload.get("name") is None and payload.get("uid") is None: + api_call_object = api_call_object_plural_version + + response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + result = {api_call_object: response} + return result + + +# handle delete +def handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result): + # else equals_code is 404 and no need to delete because he doesn't exist + if equals_code == 200: + payload_for_delete = extract_payload_with_some_params(payload, delete_params) + response = handle_call(connection, version, 'delete-' + api_call_object, payload_for_delete, module, True, True) + result['changed'] = True + + +# handle the call and set the result with 'changed' and teh response +def handle_call_and_set_result(connection, version, call, payload, module, result): + response = handle_call(connection, version, call, payload, module, True, True) + result['changed'] = True + result[call] = response + + +# handle api call +def api_call(module, api_call_object): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + result = {'changed': False} + if module.check_mode: + return result + + payload_for_equals = {'type': api_call_object, 'params': payload} + equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) + result['checkpoint_session_uid'] = connection.get_session_uid() + handle_equals_failure(module, equals_code, equals_response) + + if module.params['state'] == 'present': + if equals_code == 200: + # else objects are equals and there is no need for set request + if not equals_response['equals']: + handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + elif equals_code == 404: + handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) + elif module.params['state'] == 'absent': + handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + + return result + + +# get the position in integer format +def get_number_from_position(payload, connection, version): + if 'position' in payload: + position = payload['position'] + else: + return None + + # This code relevant if we will decide to support 'top' and 'bottom' in position + + # position_number = None + # # if position is not int, convert it to int. There are several cases: "top" + # if position == 'top': + # position_number = 1 + # elif position == 'bottom': + # payload_for_show_access_rulebase = {'name': payload['layer'], 'limit': 0} + # code, response = send_request(connection, version, 'show-access-rulebase', payload_for_show_access_rulebase) + # position_number = response['total'] + # elif isinstance(position, str): + # # here position is a number in format str (e.g. "5" and not 5) + # position_number = int(position) + # else: + # # here position suppose to be int + # position_number = position + # + # return position_number + + return int(position) + + +# build the show rulebase payload +def build_rulebase_payload(api_call_object, payload, position_number): + rulebase_payload = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1} + + if api_call_object == 'threat-exception': + rulebase_payload['rule-name'] = payload['rule-name'] + + return rulebase_payload + + +def build_rulebase_command(api_call_object): + rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase' + + if api_call_object == 'threat-exception': + rulebase_command = 'show-threat-rule-exception-rulebase' + + return rulebase_command + + +# extract rule from rulebase response +def extract_rule_from_rulebase_response(response): + rule = response['rulebase'][0] + while 'rulebase' in rule: + rule = rule['rulebase'][0] + return rule + + +# is the param position (if the user inserted it) equals between the object and the user input +def is_equals_with_position_param(payload, connection, version, api_call_object): + position_number = get_number_from_position(payload, connection, version) + + # if there is no position param, then it's equals in vacuous truth + if position_number is None: + return True + + rulebase_payload = build_rulebase_payload(api_call_object, payload, position_number) + rulebase_command = build_rulebase_command(api_call_object) + + code, response = send_request(connection, version, rulebase_command, rulebase_payload) + + # if true, it means there is no rule in the position that the user inserted, so I return false, and when we will try to set + # the rule, the API server will get throw relevant error + if response['total'] < position_number: + return False + + rule = extract_rule_from_rulebase_response(response) + + # if the names of the exist rule and the user input rule are equals, then it's means that their positions are equals so I + # return True. and there is no way that there is another rule with this name cause otherwise the 'equals' command would fail + if rule['name'] == payload['name']: + return True + else: + return False + + +# get copy of the payload without some of the params +def extract_payload_without_some_params(payload, params_to_remove): + copy_payload = dict(payload) + for param in params_to_remove: + if param in copy_payload: + del copy_payload[param] + return copy_payload + + +# get copy of the payload with only some of the params +def extract_payload_with_some_params(payload, params_to_insert): + copy_payload = {} + for param in params_to_insert: + if param in payload: + copy_payload[param] = payload[param] + return copy_payload + + +# is equals with all the params including action and position +def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): + if is_access_rule and 'action' in payload: + payload_for_show = extract_payload_with_some_params(payload, ['name', 'uid', 'layer']) + code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show) + exist_action = response['action']['name'] + if exist_action != payload['action']: + return False + # here the action is equals, so check the position param + if not is_equals_with_position_param(payload, connection, version, api_call_object): + return False + + return True + + +# handle api call for rule +def api_call_for_rule(module, api_call_object): + is_access_rule = True if 'access' in api_call_object else False + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + result = {'changed': False} + if module.check_mode: + return result + + if is_access_rule: + copy_payload_without_some_params = extract_payload_without_some_params(payload, ['action', 'position']) + else: + copy_payload_without_some_params = extract_payload_without_some_params(payload, ['position']) + payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params} + equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) + result['checkpoint_session_uid'] = connection.get_session_uid() + handle_equals_failure(module, equals_code, equals_response) + + if module.params['state'] == 'present': + if equals_code == 200: + if equals_response['equals']: + if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): + equals_response['equals'] = False + # else objects are equals and there is no need for set request + if not equals_response['equals']: + # if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position' + if 'position' in payload: + payload['new-position'] = payload['position'] + del payload['position'] + handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + elif equals_code == 404: + handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) + elif module.params['state'] == 'absent': + handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + + return result + + +# check if call is in plural form +def call_is_plural(api_call_object, payload): + is_plural = False + if 'access' in api_call_object and payload.get("layer") is None: + is_plural = True + elif 'threat' in api_call_object and payload.get("layer") is None: + is_plural = True + elif 'nat' in api_call_object \ + and payload.get("name") is None \ + and payload.get("uid") is None \ + and payload.get("rule-number") is None: + is_plural = True + return is_plural + + +# handle api call facts for rule +def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + # if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host) + if call_is_plural(api_call_object, payload): + api_call_object = api_call_object_plural_version + + response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + result = {api_call_object: response} + return result + + +# The code from here till EOF will be deprecated when Rikis' modules will be deprecated +checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True), + policy_package=dict(type='str', default='standard'), + auto_install_policy=dict(type='bool', default=True), + targets=dict(type='list') + ) + + +def publish(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/publish', payload) + + +def discard(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/discard', payload) + + +def install_policy(connection, policy_package, targets): + payload = {'policy-package': policy_package, + 'targets': targets} + + connection.send_request('/web_api/install-policy', payload) diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_layer_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_layer_facts.py new file mode 100644 index 00000000..4b6a35a9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_layer_facts.py @@ -0,0 +1,111 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_access_layer_facts +short_description: Get access layer facts on Check Point over Web Services API +description: +- Get access layer facts on Check Point devices. All operations are performed over + Web Services API. +author: Ansible by Red Hat (@rcarrillocruz) +options: + uid: + description: + - UID of access layer object. + type: str + name: + description: + - Name of the access layer object. + type: str +""" + +EXAMPLES = """ +- name: Get object facts + checkpoint_access_layer_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint access layer facts. + returned: always. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def get_access_layer(module, connection): + uid = module.params["uid"] + name = module.params["name"] + + payload = {} + + if uid: + payload = {"uid": uid} + code, result = connection.send_request( + "/web_api/show-access-layer", payload + ) + elif name: + payload = {"name": name} + code, result = connection.send_request( + "/web_api/show-access-layer", payload + ) + else: + code, result = connection.send_request( + "/web_api/show-access-layers", payload + ) + + return code, result + + +def main(): + argument_spec = dict( + uid=dict(type="str", default=None), name=dict(type="str", default=None) + ) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + + code, response = get_access_layer(module, connection) + + if code == 200: + module.exit_json(ansible_facts=dict(checkpoint_access_layers=response)) + else: + module.fail_json( + msg="Check Point device returned error {0} with message {1}".format( + code, response + ) + ) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_rule.py new file mode 100644 index 00000000..9b685f8c --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_rule.py @@ -0,0 +1,308 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_access_rule +short_description: Manages access rules on Check Point over Web Services API +description: +- Manages access rules on Check Point devices including creating, updating, removing + access rules objects, All operations are performed over Web Services API. +author: Ansible by Red Hat (@rcarrillocruz) +options: + name: + description: + - Name of the access rule. + required: true + type: str + layer: + description: + - Layer to attach the access rule to. + type: str + position: + description: + - Position of the access rule. + type: str + source: + description: + - Source object of the access rule. + type: str + destination: + description: + - Destination object of the access rule. + type: str + action: + description: + - Action of the access rule (accept, drop, inform, etc). + type: str + default: drop + enabled: + description: + - Enabled or disabled flag. + type: bool + default: true + state: + description: + - State of the access rule (present or absent). Defaults to present. + type: str + default: present + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool + default: 'yes' + auto_install_policy: + description: + - Install the package policy if changes have been performed after the task completes. + type: bool + default: 'yes' + policy_package: + description: + - Package policy name to be installed. + type: str + default: standard + targets: + description: + - Targets to install the package policy on. + type: list +""" + +EXAMPLES = """ +- name: Create access rule + checkpoint_access_rule: + layer: Network + name: "Drop attacker" + position: top + source: attacker + destination: Any + action: Drop + +- name: Delete access rule + checkpoint_access_rule: + layer: Network + name: "Drop attacker" +""" + +RETURN = """ +checkpoint_access_rules: + description: The checkpoint access rule object created or updated. + returned: always, except when deleting the access rule. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec, + publish, + install_policy, +) + + +def get_access_rule(module, connection): + name = module.params["name"] + layer = module.params["layer"] + + payload = {"name": name, "layer": layer} + + code, response = connection.send_request( + "/web_api/show-access-rule", payload + ) + + return code, response + + +def create_access_rule(module, connection): + name = module.params["name"] + layer = module.params["layer"] + position = module.params["position"] + source = module.params["source"] + destination = module.params["destination"] + action = module.params["action"] + + payload = { + "name": name, + "layer": layer, + "position": position, + "source": source, + "destination": destination, + "action": action, + } + + code, response = connection.send_request( + "/web_api/add-access-rule", payload + ) + + return code, response + + +def update_access_rule(module, connection): + name = module.params["name"] + layer = module.params["layer"] + position = module.params["position"] + source = module.params["source"] + destination = module.params["destination"] + action = module.params["action"] + enabled = module.params["enabled"] + + payload = { + "name": name, + "layer": layer, + "position": position, + "source": source, + "destination": destination, + "action": action, + "enabled": enabled, + } + + code, response = connection.send_request( + "/web_api/set-access-rule", payload + ) + + return code, response + + +def delete_access_rule(module, connection): + name = module.params["name"] + layer = module.params["layer"] + + payload = {"name": name, "layer": layer} + + code, response = connection.send_request( + "/web_api/delete-access-rule", payload + ) + + return code, response + + +def needs_update(module, access_rule): + res = False + + if ( + module.params["source"] + and module.params["source"] != access_rule["source"][0]["name"] + ): + res = True + if ( + module.params["destination"] + and module.params["destination"] + != access_rule["destination"][0]["name"] + ): + res = True + if module.params["action"] != access_rule["action"]["name"]: + res = True + if module.params["enabled"] != access_rule["enabled"]: + res = True + + return res + + +def main(): + argument_spec = dict( + name=dict(type="str", required=True), + layer=dict(type="str"), + position=dict(type="str"), + source=dict(type="str"), + destination=dict(type="str"), + action=dict(type="str", default="drop"), + enabled=dict(type="bool", default=True), + state=dict(type="str", default="present"), + ) + argument_spec.update(checkpoint_argument_spec) + + required_if = [("state", "present", ("layer", "position"))] + module = AnsibleModule( + argument_spec=argument_spec, required_if=required_if + ) + connection = Connection(module._socket_path) + code, response = get_access_rule(module, connection) + result = {"changed": False} + + if module.params["state"] == "present": + if code == 200: + if needs_update(module, response): + code, response = update_access_rule(module, connection) + if code != 200: + module.fail_json(msg=response) + if module.params["auto_publish_session"]: + publish(connection) + + if module.params["auto_install_policy"]: + install_policy( + connection, + module.params["policy_package"], + module.params["targets"], + ) + + result["changed"] = True + result["checkpoint_access_rules"] = response + else: + pass + elif code == 404: + code, response = create_access_rule(module, connection) + if code != 200: + module.fail_json(msg=response) + if module.params["auto_publish_session"]: + publish(connection) + + if module.params["auto_install_policy"]: + install_policy( + connection, + module.params["policy_package"], + module.params["targets"], + ) + + result["changed"] = True + result["checkpoint_access_rules"] = response + else: + if code == 200: + code, response = delete_access_rule(module, connection) + if code != 200: + module.fail_json(msg=response) + if module.params["auto_publish_session"]: + publish(connection) + + if module.params["auto_install_policy"]: + install_policy( + connection, + module.params["policy_package"], + module.params["targets"], + ) + + result["changed"] = True + result["checkpoint_access_rules"] = response + elif code == 404: + pass + + result["checkpoint_session_uid"] = connection.get_session_uid() + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_rule_facts.py new file mode 100644 index 00000000..22e3a9d1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_access_rule_facts.py @@ -0,0 +1,112 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_access_rule_facts +short_description: Get access rules objects facts on Check Point over Web Services + API +description: +- Get access rules objects facts on Check Point devices. All operations are performed + over Web Services API. +author: Ansible by Red Hat (@rcarrillocruz) +options: + name: + description: + - Name of the access rule. If not provided, UID is required. + type: str + uid: + description: + - UID of the access rule. If not provided, name is required. + type: str + layer: + description: + - Layer the access rule is attached to. + required: true + type: str +""" + +EXAMPLES = """ +- name: Get access rule facts + checkpoint_access_rule_facts: + layer: Network + name: "Drop attacker" +""" + +RETURN = """ +ansible_facts: + description: The checkpoint access rule object facts. + returned: always. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def get_access_rule(module, connection): + name = module.params["name"] + uid = module.params["uid"] + layer = module.params["layer"] + + if uid: + payload = {"uid": uid, "layer": layer} + elif name: + payload = {"name": name, "layer": layer} + + code, response = connection.send_request( + "/web_api/show-access-rule", payload + ) + + return code, response + + +def main(): + argument_spec = dict( + name=dict(type="str"), + uid=dict(type="str"), + layer=dict(type="str", required=True), + ) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + code, response = get_access_rule(module, connection) + if code == 200: + module.exit_json(ansible_facts=dict(checkpoint_access_rules=response)) + else: + module.fail_json( + msg="Checkpoint device returned error {0} with message {1}".format( + code, response + ) + ) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_host.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_host.py new file mode 100644 index 00000000..8da971d8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_host.py @@ -0,0 +1,228 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_host +short_description: Manages host objects on Check Point over Web Services API +description: +- Manages host objects on Check Point devices including creating, updating, removing + access rules objects. All operations are performed over Web Services API. +author: Ansible by Red Hat (@rcarrillocruz) +options: + name: + description: + - Name of the access rule. + type: str + required: true + ip_address: + description: + - IP address of the host object. + type: str + state: + description: + - State of the access rule (present or absent). Defaults to present. + type: str + default: present + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool + default: 'yes' + auto_install_policy: + description: + - Install the package policy if changes have been performed after the task completes. + type: bool + default: 'yes' + policy_package: + description: + - Package policy name to be installed. + type: str + default: standard + targets: + description: + - Targets to install the package policy on. + type: list +""" + +EXAMPLES = """ +- name: Create host object + checkpoint_host: + name: attacker + ip_address: 192.168.0.15 + +- name: Delete host object + checkpoint_host: + name: attacker + state: absent +""" + +RETURN = """ +checkpoint_hosts: + description: The checkpoint host object created or updated. + returned: always, except when deleting the host. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec, + publish, + install_policy, +) + + +def get_host(module, connection): + name = module.params["name"] + + payload = {"name": name} + + code, response = connection.send_request("/web_api/show-host", payload) + + return code, response + + +def create_host(module, connection): + name = module.params["name"] + ip_address = module.params["ip_address"] + + payload = {"name": name, "ip-address": ip_address} + + code, response = connection.send_request("/web_api/add-host", payload) + + return code, response + + +def update_host(module, connection): + name = module.params["name"] + ip_address = module.params["ip_address"] + + payload = {"name": name, "ip-address": ip_address} + + code, response = connection.send_request("/web_api/set-host", payload) + + return code, response + + +def delete_host(module, connection): + name = module.params["name"] + + payload = {"name": name} + + code, response = connection.send_request("/web_api/delete-host", payload) + + return code, response + + +def needs_update(module, host): + res = False + + if module.params["ip_address"] != host["ipv4-address"]: + res = True + + return res + + +def main(): + argument_spec = dict( + name=dict(type="str", required=True), + ip_address=dict(type="str"), + state=dict(type="str", default="present"), + ) + argument_spec.update(checkpoint_argument_spec) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + code, response = get_host(module, connection) + result = {"changed": False} + + if module.params["state"] == "present": + if code == 200: + if needs_update(module, response): + code, response = update_host(module, connection) + if code != 200: + module.fail_json(msg=response) + if module.params["auto_publish_session"]: + publish(connection) + + if module.params["auto_install_policy"]: + install_policy( + connection, + module.params["policy_package"], + module.params["targets"], + ) + + result["changed"] = True + result["checkpoint_hosts"] = response + else: + pass + elif code == 404: + code, response = create_host(module, connection) + if code != 200: + module.fail_json(msg=response) + if module.params["auto_publish_session"]: + publish(connection) + + if module.params["auto_install_policy"]: + install_policy( + connection, + module.params["policy_package"], + module.params["targets"], + ) + + result["changed"] = True + result["checkpoint_hosts"] = response + else: + if code == 200: + # Handle deletion + code, response = delete_host(module, connection) + if code != 200: + module.fail_json(msg=response) + if module.params["auto_publish_session"]: + publish(connection) + + if module.params["auto_install_policy"]: + install_policy( + connection, + module.params["policy_package"], + module.params["targets"], + ) + + result["changed"] = True + result["checkpoint_hosts"] = response + elif code == 404: + pass + + result["checkpoint_session_uid"] = connection.get_session_uid() + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_host_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_host_facts.py new file mode 100644 index 00000000..34847806 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_host_facts.py @@ -0,0 +1,103 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_host_facts +short_description: Get host objects facts on Check Point over Web Services API +description: +- Get host objects facts on Check Point devices. All operations are performed over + Web Services API. +author: Ansible by Red Hat (@rcarrillocruz) +options: + name: + description: + - Name of the host object. If name is not provided, UID is required. + type: str + uid: + description: + - UID of the host object. If UID is not provided, name is required. + type: str +""" + +EXAMPLES = """ +- name: Get host object facts + checkpoint_host_facts: + name: attacker +""" + +RETURN = """ +ansible_hosts: + description: The checkpoint host object facts. + returned: always. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def get_host(module, connection): + name = module.params["name"] + uid = module.params["uid"] + + if uid: + payload = {"uid": uid} + elif name: + payload = {"name": name} + + code, result = connection.send_request("/web_api/show-host", payload) + + return code, result + + +def main(): + argument_spec = dict(name=dict(type="str"), uid=dict(type="str")) + + required_one_of = [("name", "uid")] + module = AnsibleModule( + argument_spec=argument_spec, required_one_of=required_one_of + ) + connection = Connection(module._socket_path) + + code, response = get_host(module, connection) + + if code == 200: + module.exit_json(ansible_facts=dict(checkpoint_hosts=response)) + else: + module.fail_json( + msg="Checkpoint device returned error {0} with message {1}".format( + code, response + ) + ) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_object_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_object_facts.py new file mode 100644 index 00000000..fe3afe40 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_object_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_object_facts +short_description: Get object facts on Check Point over Web Services API +description: +- Get object facts on Check Point devices. All operations are performed over Web Services + API. +author: Ansible by Red Hat (@rcarrillocruz) +options: + uid: + description: + - UID of the object. If UID is not provided, it will do a full search which can + be filtered with the filter argument. + type: str + object_filter: + description: + - Filter expression for search. It accepts AND/OR logical operators and performs + a textual and IP address search. To search only by IP address, set ip_only argument + to True. which can be filtered with the filter argument. + type: str + ip_only: + description: + - Filter only by IP address. + type: bool + default: false + object_type: + description: + - Type of the object to search. Must be a valid API resource name + type: str +""" + +EXAMPLES = """ +- name: Get object facts + checkpoint_object_facts: + object_filter: 192.168.30.30 + ip_only: yes +""" + +RETURN = """ +ansible_hosts: + description: The checkpoint object facts. + returned: always. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def get_object(module, connection): + uid = module.params["uid"] + object_filter = module.params["object_filter"] + ip_only = module.params["ip_only"] + object_type = module.params["object_type"] + + if uid: + payload = {"uid": uid} + code, result = connection.send_request("/web_api/show-object", payload) + else: + payload = { + "filter": object_filter, + "ip-only": ip_only, + "type": object_type, + } + code, result = connection.send_request( + "/web_api/show-objects", payload + ) + + return code, result + + +def main(): + argument_spec = dict( + uid=dict(type="str", default=None), + object_filter=dict(type="str", default=None), + ip_only=dict(type="bool", default=False), + object_type=dict(type="str", default=None), + ) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + + code, response = get_object(module, connection) + + if code == 200: + module.exit_json(ansible_facts=dict(checkpoint_objects=response)) + else: + module.fail_json( + msg="Check Point device returned error {0} with message {1}".format( + code, response + ) + ) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_run_script.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_run_script.py new file mode 100644 index 00000000..e43d92d0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_run_script.py @@ -0,0 +1,118 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_run_script +short_description: Run scripts on Check Point devices over Web Services API +description: +- Run scripts on Check Point devices. All operations are performed over Web Services + API. +version_added: "2.7" +author: Ansible by Red Hat (@rcarrillocruz) +options: + script_name: + description: + - Name of the script. + type: str + required: true + script: + description: + - Script body contents. + type: str + required: true + targets: + description: + - Targets the script should be run against. Can reference either name or UID. + type: list + required: true +""" + +EXAMPLES = """ +- name: Run script + checkpoint_run_script: + script_name: "List root" + script: ls -l / + targets: + - mycheckpointgw +""" + +RETURN = """ +checkpoint_run_script: + description: The checkpoint run script output. + returned: always. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def run_script(module, connection): + script_name = module.params["script_name"] + script = module.params["script"] + targets = module.params["targets"] + + payload = { + "script-name": script_name, + "script": script, + "targets": targets, + } + + code, response = connection.send_request("/web_api/run-script", payload) + + return code, response + + +def main(): + argument_spec = dict( + script_name=dict(type="str", required=True), + script=dict(type="str", required=True), + targets=dict(type="list", required=True), + ) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + code, response = run_script(module, connection) + result = {"changed": True} + + if code == 200: + result["checkpoint_run_script"] = response + else: + module.fail_json( + msg="Checkpoint device returned error {0} with message {1}".format( + code, response + ) + ) + + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_session.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_session.py new file mode 100644 index 00000000..aed3a088 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_session.py @@ -0,0 +1,128 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_session +short_description: Manages session objects on Check Point over Web Services API +description: +- Manages session objects on Check Point devices performing actions like publish and + discard. All operations are performed over Web Services API. +version_added: "2.7" +author: Ansible by Red Hat (@rcarrillocruz) +options: + uid: + description: + - UID of the session. + type: str + required: true + state: + description: + - Action to perform on the session object. Valid choices are published and discarded. + type: str + choices: + - published + - discarded + default: published +""" + +EXAMPLES = """ +- name: Publish session + checkpoint_session: + uid: 7a13a360-9b24-40d7-acd3-5b50247be33e + state: published + +- name: Discard session + checkpoint_session: + uid: 7a13a360-9b24-40d7-acd3-5b50247be33e + state: discarded +""" + +RETURN = """ +checkpoint_session: + description: The checkpoint session output per return from API. It will differ depending on action. + returned: always. + type: list +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def get_session(module, connection): + payload = {"uid": module.params["uid"]} + + code, result = connection.send_request("/web_api/show-session", payload) + + return code, result + + +def main(): + argument_spec = dict( + uid=dict(type="str", required=True), + state=dict( + type="str", default="published", choices=["published", "discarded"] + ), + ) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + code, response = get_session(module, connection) + result = {"changed": False} + + if code == 200: + result["changed"] = True + payload = None + + if module.params["uid"]: + payload = {"uid": module.params["uid"]} + + if module.params["state"] == "published": + code, response = connection.send_request( + "/web_api/publish", payload + ) + else: + code, response = connection.send_request( + "/web_api/discard", payload + ) + if code != 200: + module.fail_json(msg=response) + result["checkpoint_session"] = response + else: + module.fail_json( + msg="Check Point device returned error {0} with message {1}".format( + code, response + ) + ) + + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_task_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_task_facts.py new file mode 100644 index 00000000..29dbe805 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/checkpoint_task_facts.py @@ -0,0 +1,94 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "network", +} + + +DOCUMENTATION = """module: checkpoint_task_facts +short_description: Get task objects facts on Check Point over Web Services API +description: +- Get task objects facts on Check Point devices. All operations are performed over + Web Services API. +version_added: "2.7" +author: Ansible by Red Hat (@rcarrillocruz) +options: + task_id: + description: + - ID of the task object. + type: str + required: true +""" + +EXAMPLES = """ +- name: Get task facts + checkpoint_task_facts: + task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb +""" + +RETURN = """ +ansible_facts: + description: The checkpoint task facts. + returned: always. + type: list +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection + + +def get_task(module, connection): + task_id = module.params["task_id"] + + if task_id: + payload = {"task-id": task_id, "details-level": "full"} + + code, response = connection.send_request("/web_api/show-task", payload) + else: + code, response = connection.send_request("/web_api/show-tasks", None) + + return code, response + + +def main(): + argument_spec = dict(task_id=dict(type="str", required=True)) + + module = AnsibleModule(argument_spec=argument_spec) + connection = Connection(module._socket_path) + code, response = get_task(module, connection) + if code == 200: + module.exit_json(ansible_facts=dict(checkpoint_tasks=response)) + else: + module.fail_json( + msg="Checkpoint device returned error {0} with message {1}".format( + code, response + ) + ) + + +if __name__ == "__main__": + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py new file mode 100644 index 00000000..48a8e402 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py @@ -0,0 +1,170 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_layer +short_description: Manages access-layer objects on Check Point over Web Services API +description: + - Manages access-layer objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + add_default_rule: + description: + - Indicates whether to include a cleanup rule in the new layer. + type: bool + applications_and_url_filtering: + description: + - Whether to enable Applications & URL Filtering blade on the layer. + type: bool + content_awareness: + description: + - Whether to enable Content Awareness blade on the layer. + type: bool + detect_using_x_forward_for: + description: + - Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP. + type: bool + firewall: + description: + - Whether to enable Firewall blade on the layer. + type: bool + implicit_cleanup_action: + description: + - The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer. + type: str + choices: ['drop', 'accept'] + mobile_access: + description: + - Whether to enable Mobile Access blade on the layer. + type: bool + shared: + description: + - Whether this layer is shared. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-layer + cp_mgmt_access_layer: + name: New Layer 1 + state: present + +- name: set-access-layer + cp_mgmt_access_layer: + applications_and_url_filtering: false + data_awareness: true + name: New Layer 1 + state: present + +- name: delete-access-layer + cp_mgmt_access_layer: + name: New Layer 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_layer: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + add_default_rule=dict(type='bool'), + applications_and_url_filtering=dict(type='bool'), + content_awareness=dict(type='bool'), + detect_using_x_forward_for=dict(type='bool'), + firewall=dict(type='bool'), + implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']), + mobile_access=dict(type='bool'), + shared=dict(type='bool'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-layer' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py new file mode 100644 index 00000000..144c9887 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_layer_facts +short_description: Get access-layer objects facts on Check Point over Web Services API +description: + - Get access-layer objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-layer + cp_mgmt_access_layer_facts: + name: New Layer 1 + +- name: show-access-layers + cp_mgmt_access_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "access-layer" + api_call_object_plural_version = "access-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py new file mode 100644 index 00000000..4e971d33 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py @@ -0,0 +1,187 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_role +short_description: Manages access-role objects on Check Point over Web Services API +description: + - Manages access-role objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + machines: + description: + - Machines that can access the system. + type: list + suboptions: + source: + description: + - Active Directory name or UID or Identity Tag. + type: str + selection: + description: + - Name or UID of an object selected from source. + type: list + base_dn: + description: + - When source is "Active Directory" use "base-dn" to refine the query in AD database. + type: str + networks: + description: + - Collection of Network objects identified by the name or UID that can access the system. + type: list + remote_access_clients: + description: + - Remote access clients identified by name or UID. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + users: + description: + - Users that can access the system. + type: list + suboptions: + source: + description: + - Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests. + type: str + selection: + description: + - Name or UID of an object selected from source. + type: list + base_dn: + description: + - When source is "Active Directory" use "base-dn" to refine the query in AD database. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-role + cp_mgmt_access_role: + machines: all identified + name: New Access Role 1 + networks: any + remote_access_clients: any + state: present + users: any + +- name: set-access-role + cp_mgmt_access_role: + machines: any + name: New Access Role 1 + state: present + users: all identified + +- name: delete-access-role + cp_mgmt_access_role: + name: New Access Role 1 + state: absent +""" + +RETURN = """ +cp_mgmt_access_role: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + machines=dict(type='list', options=dict( + source=dict(type='str'), + selection=dict(type='list'), + base_dn=dict(type='str') + )), + networks=dict(type='list'), + remote_access_clients=dict(type='str'), + tags=dict(type='list'), + users=dict(type='list', options=dict( + source=dict(type='str'), + selection=dict(type='list'), + base_dn=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-role' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py new file mode 100644 index 00000000..133ae5a3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py @@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_role_facts +short_description: Get access-role objects facts on Check Point over Web Services API +description: + - Get access-role objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-role + cp_mgmt_access_role_facts: + name: New Access Role 1 + +- name: show-access-roles + cp_mgmt_access_role_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "access-role" + api_call_object_plural_version = "access-roles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py new file mode 100644 index 00000000..3cbb3b1a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py @@ -0,0 +1,355 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rule +short_description: Manages access-rule objects on Check Point over Web Services API +description: + - Manages access-rule objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + action: + description: + - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". + type: str + action_settings: + description: + - Action settings. + type: dict + suboptions: + enable_identity_captive_portal: + description: + - N/A + type: bool + limit: + description: + - N/A + type: str + content: + description: + - List of processed file types that this rule applies on. + type: list + content_direction: + description: + - On which direction the file types processing is applied. + type: str + choices: ['any', 'up', 'down'] + content_negate: + description: + - True if negate is set for data. + type: bool + custom_fields: + description: + - Custom fields. + type: dict + suboptions: + field_1: + description: + - First custom field. + type: str + field_2: + description: + - Second custom field. + type: str + field_3: + description: + - Third custom field. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + inline_layer: + description: + - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". + type: str + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + service_negate: + description: + - True if negate is set for service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + source_negate: + description: + - True if negate is set for source. + type: bool + time: + description: + - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". + type: list + track: + description: + - Track Settings. + type: dict + suboptions: + accounting: + description: + - Turns accounting for track on and off. + type: bool + alert: + description: + - Type of alert for the track. + type: str + choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3'] + enable_firewall_session: + description: + - Determine whether to generate session log to firewall only connections. + type: bool + per_connection: + description: + - Determines whether to perform the log per connection. + type: bool + per_session: + description: + - Determines whether to perform the log per session. + type: bool + type: + description: + - a "Log", "Extended Log", "Detailed Log", "None". + type: str + user_check: + description: + - User check settings. + type: dict + suboptions: + confirm: + description: + - N/A + type: str + choices: ['per rule', 'per category', 'per application/site', 'per data type'] + custom_frequency: + description: + - N/A + type: dict + suboptions: + every: + description: + - N/A + type: int + unit: + description: + - N/A + type: str + choices: ['hours', 'days', 'weeks', 'months'] + frequency: + description: + - N/A + type: str + choices: ['once a day', 'once a week', 'once a month', 'custom frequency...'] + interaction: + description: + - N/A + type: str + vpn: + description: + - Communities or Directional. + type: list + suboptions: + community: + description: + - List of community name or UID. + type: list + directional: + description: + - Communities directional match condition. + type: list + suboptions: + from: + description: + - From community name or UID. + type: str + to: + description: + - To community name or UID. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-rule + cp_mgmt_access_rule: + layer: Network + name: Rule 1 + position: 1 + service: + - SMTP + - AOL + state: present + +- name: set-access-rule + cp_mgmt_access_rule: + action: Ask + action_settings: + enable_identity_captive_portal: true + limit: Upload_1Gbps + layer: Network + name: Rule 1 + state: present + +- name: delete-access-rule + cp_mgmt_access_rule: + layer: Network + name: Rule 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + layer=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + action=dict(type='str'), + action_settings=dict(type='dict', options=dict( + enable_identity_captive_portal=dict(type='bool'), + limit=dict(type='str') + )), + content=dict(type='list'), + content_direction=dict(type='str', choices=['any', 'up', 'down']), + content_negate=dict(type='bool'), + custom_fields=dict(type='dict', options=dict( + field_1=dict(type='str'), + field_2=dict(type='str'), + field_3=dict(type='str') + )), + destination=dict(type='list'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + inline_layer=dict(type='str'), + install_on=dict(type='list'), + service=dict(type='list'), + service_negate=dict(type='bool'), + source=dict(type='list'), + source_negate=dict(type='bool'), + time=dict(type='list'), + track=dict(type='dict', options=dict( + accounting=dict(type='bool'), + alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), + enable_firewall_session=dict(type='bool'), + per_connection=dict(type='bool'), + per_session=dict(type='bool'), + type=dict(type='str') + )), + user_check=dict(type='dict', options=dict( + confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), + custom_frequency=dict(type='dict', options=dict( + every=dict(type='int'), + unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) + )), + frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']), + interaction=dict(type='str') + )), + vpn=dict(type='list', options=dict( + community=dict(type='list'), + directional=dict(type='list', options=dict( + to=dict(type='str') + )) + )), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['vpn']['options']['directional']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-rule' + + if module.params['action'] is None and module.params['position'] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py new file mode 100644 index 00000000..d0612af0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py @@ -0,0 +1,244 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rule_facts +short_description: Get access-rule objects facts on Check Point over Web Services API +description: + - Get access-rule objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. Should be unique in the domain. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + show_as_ranges: + description: + - When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than + network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response + of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it + contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to + 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request. + type: bool + show_hits: + description: + - N/A + type: bool + hits_settings: + description: + - N/A + type: dict + suboptions: + from_date: + description: + - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'. + type: str + target: + description: + - Target gateway name or UID. + type: str + to_date: + description: + - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-rule + cp_mgmt_access_rule_facts: + layer: Network + name: Rule 1 + +- name: show-access-rulebase + cp_mgmt_access_rule_facts: + details_level: standard + limit: 20 + name: Network + offset: 0 + use_object_dictionary: true +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + show_as_ranges=dict(type='bool'), + show_hits=dict(type='bool'), + hits_settings=dict(type='dict', options=dict( + from_date=dict(type='str'), + target=dict(type='str'), + to_date=dict(type='str') + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "access-rule" + api_call_object_plural_version = "access-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py new file mode 100644 index 00000000..50e829c2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py @@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_section +short_description: Manages access-section objects on Checkpoint over Web Services API +description: + - Manages access-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-section + cp_mgmt_access_section: + layer: Network + name: New Section 1 + position: 1 + state: present + +- name: set-access-section + cp_mgmt_access_section: + layer: Network + name: New Section 1 + state: present + +- name: delete-access-section + cp_mgmt_access_section: + layer: Network + name: New Section 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + layer=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-section' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py new file mode 100644 index 00000000..67109015 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py @@ -0,0 +1,84 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_api_key +short_description: Add API key for administrator, to enable login with it. For the key to be valid publish is needed. +description: + - Add API key for administrator, to enable login with it. For the key to be valid publish is needed. <br>When using mgmt_cli tool, add -f json to get + the key in the command's output. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + admin_uid: + description: + - Administrator uid to generate API key for. + type: str + admin_name: + description: + - Administrator name to generate API key for. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-api-key + cp_mgmt_add_api_key: + admin_name: admin + state: present +""" + +RETURN = """ +cp_mgmt_add_api_key: + description: The checkpoint add-api-key output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + admin_uid=dict(type='str'), + admin_name=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-api-key" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py new file mode 100644 index 00000000..595f8206 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py @@ -0,0 +1,145 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_data_center_object +short_description: Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment. +description: + - Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment, e.g. a virtual machine, + cluster, network and more.<br> Use the show-data-center-content command to see the Data Center Objects that can be imported from a Data Center Server. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + data_center_name: + description: + - Name of the Data Center Server the object is in. + type: str + data_center_uid: + description: + - Unique identifier of the Data Center Server the object is in. + type: str + uri: + description: + - URI of the object in the Data Center Server. + type: str + uid_in_data_center: + description: + - Unique identifier of the object in the Data Center Server. + type: str + name: + description: + - Override default name on data-center. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-data-center-object + cp_mgmt_add_data_center_object: + data_center_name: vCenter 1 + name: VM1 mgmt name + state: present + uri: /Datacenters/VMs/My VM1 +""" + +RETURN = """ +cp_mgmt_add_data_center_object: + description: The checkpoint add-data-center-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + data_center_name=dict(type='str'), + data_center_uid=dict(type='str'), + uri=dict(type='str'), + uid_in_data_center=dict(type='str'), + name=dict(type='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-data-center-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py new file mode 100644 index 00000000..ff8fb27c --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py @@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_nat_rule +short_description: Create new object. +description: + - Create new object. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + package: + description: + - Name of the package. + type: str + position: + description: + - Position in the rulebase. + type: str + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + method: + description: + - Nat method. + type: str + choices: ['static', 'hide', 'nat64', 'nat46'] + original_destination: + description: + - Original destination. + type: str + original_service: + description: + - Original service. + type: str + original_source: + description: + - Original source. + type: str + translated_destination: + description: + - Translated destination. + type: str + translated_service: + description: + - Translated service. + type: str + translated_source: + description: + - Translated source. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-nat-rule + cp_mgmt_add_nat_rule: + comments: comment example1 nat999 + enabled: false + install_on: + - Policy Targets + original_destination: All_Internet + original_source: Any + package: standard + position: 1 + state: present +""" + +RETURN = """ +cp_mgmt_add_nat_rule: + description: The checkpoint add-nat-rule output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + package=dict(type='str'), + position=dict(type='str'), + enabled=dict(type='bool'), + install_on=dict(type='list'), + method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']), + original_destination=dict(type='str'), + original_service=dict(type='str'), + original_source=dict(type='str'), + translated_destination=dict(type='str'), + translated_service=dict(type='str'), + translated_source=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-nat-rule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py new file mode 100644 index 00000000..03af4583 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py @@ -0,0 +1,213 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_address_range +short_description: Manages address-range objects on Check Point over Web Services API +description: + - Manages address-range objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address_first: + description: + - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. + type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-address-range + cp_mgmt_address_range: + ip_address_first: 192.0.2.1 + ip_address_last: 192.0.2.10 + name: New Address Range 1 + state: present + +- name: set-address-range + cp_mgmt_address_range: + color: green + ip_address_first: 192.0.2.1 + ip_address_last: 192.0.2.1 + name: New Address Range 1 + new_name: New Address Range 2 + state: present + +- name: delete-address-range + cp_mgmt_address_range: + name: New Address Range 2 + state: absent +""" + +RETURN = """ +cp_mgmt_address_range: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'address-range' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py new file mode 100644 index 00000000..5702497e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_address_range_facts +short_description: Get address-range objects facts on Check Point over Web Services API +description: + - Get address-range objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-address-range + cp_mgmt_address_range_facts: + name: New Address Range 1 + +- name: show-address-ranges + cp_mgmt_address_range_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "address-range" + api_call_object_plural_version = "address-ranges" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py new file mode 100644 index 00000000..ca05c4cd --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py @@ -0,0 +1,200 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_administrator +short_description: Manages administrator objects on Checkpoint over Web Services API +description: + - Manages administrator objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + authentication_method: + description: + - Authentication method. + type: str + choices: ['undefined', 'check point password', 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key'] + email: + description: + - Administrator email. + type: str + expiration_date: + description: + - Format, YYYY-MM-DD, YYYY-mm-ddThh,mm,ss. + type: str + multi_domain_profile: + description: + - Administrator multi-domain profile. + type: str + must_change_password: + description: + - True if administrator must change password on the next login. + type: bool + password: + description: + - Administrator password. + type: str + password_hash: + description: + - Administrator password hash. + type: str + permissions_profile: + description: + - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or + "Domain Super User". + type: list + suboptions: + profile: + description: + - Permission profile. + type: str + phone_number: + description: + - Administrator phone number. + type: str + radius_server: + description: + - RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS". + type: str + tacacs_server: + description: + - TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS". + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-administrator + cp_mgmt_administrator: + authentication_method: INTERNAL_PASSWORD + email: admin@gmail.com + must_change_password: false + name: admin + password: secret + permissions_profile: read write all + phone_number: 1800-800-800 + state: present + +- name: set-administrator + cp_mgmt_administrator: + name: admin + password: bew secret + permissions_profile: read only profile + state: present + +- name: delete-administrator + cp_mgmt_administrator: + name: admin + state: absent +""" + +RETURN = """ +cp_mgmt_administrator: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + authentication_method=dict(type='str', choices=['undefined', 'check point password', + 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key']), + email=dict(type='str'), + expiration_date=dict(type='str'), + multi_domain_profile=dict(type='str'), + must_change_password=dict(type='bool'), + password=dict(type='str'), + password_hash=dict(type='str'), + permissions_profile=dict(type='list', options=dict( + profile=dict(type='str') + )), + phone_number=dict(type='str'), + radius_server=dict(type='str'), + tacacs_server=dict(type='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'administrator' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py new file mode 100644 index 00000000..d46d649c --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_administrator_facts +short_description: Get administrator objects facts on Checkpoint over Web Services API +description: + - Get administrator objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-administrator + cp_mgmt_administrator_facts: + name: admin + +- name: show-administrators + cp_mgmt_administrator_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "administrator" + api_call_object_plural_version = "administrators" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py new file mode 100644 index 00000000..1fa00da2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py @@ -0,0 +1,176 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site +short_description: Manages application-site objects on Check Point over Web Services API +description: + - Manages application-site objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + primary_category: + description: + - Each application is assigned to one primary category based on its most defining aspect. + type: str + url_list: + description: + - URLs that determine this particular application. + type: list + application_signature: + description: + - Application signature generated by <a + href="https,//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051">Signature Tool</a>. + type: str + additional_categories: + description: + - Used to configure or edit the additional categories of a custom application / site used in the Application and URL Filtering or Threat Prevention. + type: list + description: + description: + - A description for the application. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + urls_defined_as_regular_expression: + description: + - States whether the URL is defined as a Regular Expression or not. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-application-site + cp_mgmt_application_site: + additional_categories: + - Instant Chat + - Supports Streaming + - New Application Site Category 1 + description: My Application Site + name: New Application Site 1 + primary_category: Social Networking + state: present + url_list: + - www.cnet.com + - www.stackoverflow.com + urls_defined_as_regular_expression: false + +- name: set-application-site + cp_mgmt_application_site: + description: My New Application Site + name: New Application Site 1 + primary_category: Instant Chat + state: present + urls_defined_as_regular_expression: true + +- name: delete-application-site + cp_mgmt_application_site: + name: New Application Site 2 + state: absent +""" + +RETURN = """ +cp_mgmt_application_site: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + primary_category=dict(type='str'), + url_list=dict(type='list'), + application_signature=dict(type='str'), + additional_categories=dict(type='list'), + description=dict(type='str'), + tags=dict(type='list'), + urls_defined_as_regular_expression=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'application-site' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py new file mode 100644 index 00000000..4caa4066 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py @@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_category +short_description: Manages application-site-category objects on Check Point over Web Services API +description: + - Manages application-site-category objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + description: + description: + - N/A + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-application-site-category + cp_mgmt_application_site_category: + description: My Application Site category + name: New Application Site Category 1 + state: present + +- name: set-application-site-category + cp_mgmt_application_site_category: + description: My new Application Site category + name: New Application Site Category 1 + state: present + +- name: delete-application-site-category + cp_mgmt_application_site_category: + name: New Application Site Category 2 + state: absent +""" + +RETURN = """ +cp_mgmt_application_site_category: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + description=dict(type='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'application-site-category' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py new file mode 100644 index 00000000..22ce4195 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_category_facts +short_description: Get application-site-category objects facts on Check Point over Web Services API +description: + - Get application-site-category objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-application-site-category + cp_mgmt_application_site_category_facts: + name: Social Networking + +- name: show-application-site-categories + cp_mgmt_application_site_category_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "application-site-category" + api_call_object_plural_version = "application-site-categories" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py new file mode 100644 index 00000000..277b0814 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py @@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_facts +short_description: Get application-site objects facts on Check Point over Web Services API +description: + - Get application-site objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + application_id: + description: + - Object application identifier. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-application-site + cp_mgmt_application_site_facts: + name: facebook + +- name: show-application-sites + cp_mgmt_application_site_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + application_id=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "application-site" + api_call_object_plural_version = "application-sites" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py new file mode 100644 index 00000000..18740300 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_group +short_description: Manages application-site-group objects on Check Point over Web Services API +description: + - Manages application-site-group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of application and URL filtering objects identified by the name or UID. + type: list + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-application-site-group + cp_mgmt_application_site_group: + members: + - facebook + - Social Networking + - New Application Site 1 + - New Application Site Category 1 + name: New Application Site Group 1 + state: present + +- name: set-application-site-group + cp_mgmt_application_site_group: + name: New Application Site Group 1 + members: + - AliveProxy + state: present + +- name: delete-application-site-group + cp_mgmt_application_site_group: + name: New Application Site Group 1 + state: absent +""" + +RETURN = """ +cp_mgmt_application_site_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'application-site-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py new file mode 100644 index 00000000..d1fd25bf --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py @@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_application_site_group_facts +short_description: Get application-site-group objects facts on Check Point over Web Services API +description: + - Get application-site-group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-application-site-group + cp_mgmt_application_site_group_facts: + name: New Application Site Group 1 + +- name: show-application-site-groups + cp_mgmt_application_site_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "application-site-group" + api_call_object_plural_version = "application-site-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py new file mode 100644 index 00000000..5598ef4f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py @@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_assign_global_assignment +short_description: assign global assignment on Check Point over Web Services API +description: + - assign global assignment on Check Point over Web Services API + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + dependent_domains: + description: + - N/A + type: list + global_domains: + description: + - N/A + type: list + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: assign-global-assignment + cp_mgmt_assign_global_assignment: + dependent_domains: domain1 + global_domains: Global2 +""" + +RETURN = """ +cp_mgmt_assign_global_assignment: + description: The checkpoint assign-global-assignment output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + dependent_domains=dict(type='list'), + global_domains=dict(type='list'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "assign-global-assignment" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py new file mode 100644 index 00000000..e73b47fc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py @@ -0,0 +1,128 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_center_object_facts +short_description: Get data-center-object objects facts on Checkpoint over Web Services API +description: + - Get data-center-object objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-center-object + cp_mgmt_data_center_object_facts: + name: VM1 mgmt name + +- name: show-data-center-objects + cp_mgmt_data_center_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "data-center-object" + api_call_object_plural_version = "data-center-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py new file mode 100644 index 00000000..144e60f1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py @@ -0,0 +1,88 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_api_key +short_description: Delete the API key. For the key to be invalid publish is needed. +description: + - Delete the API key. For the key to be invalid publish is needed. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + api_key: + description: + - API key to be deleted. + type: str + admin_uid: + description: + - Administrator uid to generate API key for. + type: str + admin_name: + description: + - Administrator name to generate API key for. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-api-key + cp_mgmt_delete_api_key: + api_key: eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00 + state: absent +""" + +RETURN = """ +cp_mgmt_delete_api_key: + description: The checkpoint delete-api-key output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + api_key=dict(type='str'), + admin_uid=dict(type='str'), + admin_name=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-api-key" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py new file mode 100644 index 00000000..1f97d993 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py @@ -0,0 +1,95 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_data_center_object +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-data-center-object + cp_mgmt_delete_data_center_object: + name: VM1 mgmt name + state: absent +""" + +RETURN = """ +cp_mgmt_delete_data_center_object: + description: The checkpoint delete-data-center-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-data-center-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py new file mode 100644 index 00000000..ef7d19a4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py @@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_nat_rule +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-nat-rule + cp_mgmt_delete_nat_rule: + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_delete_nat_rule: + description: The checkpoint delete-nat-rule output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-nat-rule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py new file mode 100644 index 00000000..8b769119 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py @@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_discard +short_description: All changes done by user are discarded and removed from database. +description: + - All changes done by user are discarded and removed from database. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + uid: + description: + - Session unique identifier. Specify it to discard a different session than the one you currently use. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: discard + cp_mgmt_discard: +""" + +RETURN = """ +cp_mgmt_discard: + description: The checkpoint discard output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uid=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "discard" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py new file mode 100644 index 00000000..6951c5f1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py @@ -0,0 +1,134 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dns_domain +short_description: Manages dns-domain objects on Check Point over Web Services API +description: + - Manages dns-domain objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + is_sub_domain: + description: + - Whether to match sub-domains in addition to the domain itself. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-dns-domain + cp_mgmt_dns_domain: + is_sub_domain: false + name: .www.example.com + state: present + +- name: set-dns-domain + cp_mgmt_dns_domain: + is_sub_domain: true + name: .www.example.com + state: present + +- name: delete-dns-domain + cp_mgmt_dns_domain: + name: .example.com + state: absent +""" + +RETURN = """ +cp_mgmt_dns_domain: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + is_sub_domain=dict(type='bool'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'dns-domain' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py new file mode 100644 index 00000000..76e6e434 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dns_domain_facts +short_description: Get dns-domain objects facts on Check Point over Web Services API +description: + - Get dns-domain objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-dns-domain + cp_mgmt_dns_domain_facts: + name: .www.example.com + +- name: show-dns-domains + cp_mgmt_dns_domain_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "dns-domain" + api_call_object_plural_version = "dns-domains" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py new file mode 100644 index 00000000..c8f4f95f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py @@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dynamic_object +short_description: Manages dynamic-object objects on Check Point over Web Services API +description: + - Manages dynamic-object objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-dynamic-object + cp_mgmt_dynamic_object: + color: yellow + comments: My Dynamic Object 1 + name: Dynamic_Object_1 + state: present + +- name: delete-dynamic-object + cp_mgmt_dynamic_object: + name: Dynamic_Object_2 + state: absent +""" + +RETURN = """ +cp_mgmt_dynamic_object: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'dynamic-object' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py new file mode 100644 index 00000000..4593fb06 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py @@ -0,0 +1,128 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dynamic_object_facts +short_description: Get dynamic-object objects facts on Check Point over Web Services API +description: + - Get dynamic-object objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-dynamic-object + cp_mgmt_dynamic_object_facts: + name: Dynamic_Object_1 + +- name: show-dynamic-objects + cp_mgmt_dynamic_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "dynamic-object" + api_call_object_plural_version = "dynamic-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py new file mode 100644 index 00000000..b56e83bf --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py @@ -0,0 +1,177 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_exception_group +short_description: Manages exception-group objects on Check Point over Web Services API +description: + - Manages exception-group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + applied_profile: + description: + - The threat profile to apply this group to in the case of apply-on threat-rules-with-specific-profile. + type: str + applied_threat_rules: + description: + - The threat rules to apply this group on in the case of apply-on manually-select-threat-rules. + type: dict + suboptions: + add: + description: + - Adds to collection of values + type: list + suboptions: + layer: + description: + - The layer of the threat rule to which the group is to be attached. + type: str + name: + description: + - The name of the threat rule to which the group is to be attached. + type: str + rule_number: + description: + - The rule-number of the threat rule to which the group is to be attached. + type: str + position: + description: + - Position in the rulebase. + type: str + apply_on: + description: + - An exception group can be set to apply on all threat rules, all threat rules which have a specific profile, or those rules manually chosen by the user. + type: str + choices: ['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules'] + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-exception-group + cp_mgmt_exception_group: + applied_threat_rules.0.layer: MyLayer + applied_threat_rules.0.name: MyThreatRule + apply_on: manually-select-threat-rules + name: exception_group_2 + state: present + +- name: set-exception-group + cp_mgmt_exception_group: + apply_on: all-threat-rules + name: exception_group_2 + state: present + tags: tag3 + +- name: delete-exception-group + cp_mgmt_exception_group: + name: exception_group_2 + state: absent +""" + +RETURN = """ +cp_mgmt_exception_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + applied_profile=dict(type='str'), + applied_threat_rules=dict(type='dict', options=dict( + add=dict(type='list', options=dict( + layer=dict(type='str'), + name=dict(type='str'), + rule_number=dict(type='str'), + position=dict(type='str') + )) + )), + apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'exception-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py new file mode 100644 index 00000000..2a8fac86 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_exception_group_facts +short_description: Get exception-group objects facts on Check Point over Web Services API +description: + - Get exception-group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-exception-group + cp_mgmt_exception_group_facts: + name: exception_group_2 + +- name: show-exception-groups + cp_mgmt_exception_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "exception-group" + api_call_object_plural_version = "exception-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py new file mode 100644 index 00000000..2249227b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py @@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_global_assignment +short_description: Manages global-assignment objects on Check Point over Web Services API +description: + - Manages global-assignment objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + dependent_domain: + description: + - N/A + type: str + global_access_policy: + description: + - Global domain access policy that is assigned to a dependent domain. + type: str + global_domain: + description: + - N/A + type: str + global_threat_prevention_policy: + description: + - Global domain threat prevention policy that is assigned to a dependent domain. + type: str + manage_protection_actions: + description: + - N/A + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-global-assignment + cp_mgmt_global_assignment: + dependent_domain: domain2 + global_access_policy: standard + global_domain: Global + global_threat_prevention_policy: standard + manage_protection_actions: true + state: present + +- name: set-global-assignment + cp_mgmt_global_assignment: + dependent_domain: domain1 + global_domain: Global2 + global_threat_prevention_policy: '' + manage_protection_actions: false + state: present + +- name: delete-global-assignment + cp_mgmt_global_assignment: + dependent_domain: domain1 + global_domain: Global2 + state: absent +""" + +RETURN = """ +cp_mgmt_global_assignment: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + dependent_domain=dict(type='str'), + global_access_policy=dict(type='str'), + global_domain=dict(type='str'), + global_threat_prevention_policy=dict(type='str'), + manage_protection_actions=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'global-assignment' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py new file mode 100644 index 00000000..4725365d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_global_assignment_facts +short_description: Get global-assignment objects facts on Check Point over Web Services API +description: + - Get global-assignment objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + dependent_domain: + description: + - N/A + type: str + global_domain: + description: + - N/A + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-global-assignment + cp_mgmt_global_assignment_facts: + dependent_domain: domain1 + global_domain: Global2 + +- name: show-global-assignments + cp_mgmt_global_assignment_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + dependent_domain=dict(type='str'), + global_domain=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "global-assignment" + api_call_object_plural_version = "global-assignments" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py new file mode 100644 index 00000000..25867ad8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py @@ -0,0 +1,140 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group +short_description: Manages group objects on Check Point over Web Services API +description: + - Manages group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of Network objects identified by the name or UID. + type: list + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-group + cp_mgmt_group: + members: + - New Host 1 + - My Test Host 3 + name: New Group 5 + state: present + +- name: set-group + cp_mgmt_group: + name: New Group 1 + state: present + +- name: delete-group + cp_mgmt_group: + name: New Group 1 + state: absent +""" + +RETURN = """ +cp_mgmt_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py new file mode 100644 index 00000000..4dfd04dc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py @@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group_facts +short_description: Get group objects facts on Check Point over Web Services API +description: + - Get group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + show_as_ranges: + description: + - When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that are not + represented using IP addresses are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter + is displayed. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-group + cp_mgmt_group_facts: + name: Demo_Group + +- name: show-groups + cp_mgmt_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + show_as_ranges=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "group" + api_call_object_plural_version = "groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py new file mode 100644 index 00000000..d3a47485 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py @@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group_with_exclusion +short_description: Manages group-with-exclusion objects on Check Point over Web Services API +description: + - Manages group-with-exclusion objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + except: + description: + - Name or UID of an object which the group excludes. + type: str + include: + description: + - Name or UID of an object which the group includes. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-group-with-exclusion + cp_mgmt_group_with_exclusion: + except: New Group 2 + include: New Group 1 + name: Group with exclusion + state: present + +- name: set-group-with-exclusion + cp_mgmt_group_with_exclusion: + except: New Group 1 + include: New Group 2 + name: Group with exclusion + state: present + +- name: delete-group-with-exclusion + cp_mgmt_group_with_exclusion: + name: Group with exclusion + state: absent +""" + +RETURN = """ +cp_mgmt_group_with_exclusion: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + include=dict(type='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['except'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'group-with-exclusion' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py new file mode 100644 index 00000000..7f3230b1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py @@ -0,0 +1,133 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group_with_exclusion_facts +short_description: Get group-with-exclusion objects facts on Check Point over Web Services API +description: + - Get group-with-exclusion objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + show_as_ranges: + description: + - When true, the group with exclusion's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that + are not represented using IP addresses are presented as objects.<br />The 'include' and 'except' parameters are omitted from the response and instead + the 'ranges' parameter is displayed. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-group-with-exclusion + cp_mgmt_group_with_exclusion_facts: + name: Group with exclusion + +- name: show-groups-with-exclusion + cp_mgmt_group_with_exclusion_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + show_as_ranges=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "group-with-exclusion" + api_call_object_plural_version = "groups-with-exclusion" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py new file mode 100644 index 00000000..35ff92cb --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py @@ -0,0 +1,333 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_host +short_description: Manages host objects on Check Point over Web Services API +description: + - Manages host objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + interfaces: + description: + - Host interfaces. + type: list + suboptions: + name: + description: + - Interface name. + type: str + subnet: + description: + - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly. + type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask + length it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. + type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + host_servers: + description: + - Servers Configuration. + type: dict + suboptions: + dns_server: + description: + - Gets True if this server is a DNS Server. + type: bool + mail_server: + description: + - Gets True if this server is a Mail Server. + type: bool + web_server: + description: + - Gets True if this server is a Web Server. + type: bool + web_server_config: + description: + - Web Server configuration. + type: dict + suboptions: + additional_ports: + description: + - Server additional ports. + type: list + application_engines: + description: + - Application engines of this web server. + type: list + listen_standard_port: + description: + - Whether server listens to standard port. + type: bool + operating_system: + description: + - Operating System. + type: str + choices: ['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris'] + protected_by: + description: + - Network object which protects this server identified by the name or UID. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-host + cp_mgmt_host: + ip_address: 192.0.2.1 + name: New Host 1 + state: present + +- name: set-host + cp_mgmt_host: + color: green + ipv4_address: 192.0.2.2 + name: New Host 1 + state: present + +- name: delete-host + cp_mgmt_host: + name: New Host 1 + state: absent +""" + +RETURN = """ +cp_mgmt_host: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + interfaces=dict(type='list', options=dict( + name=dict(type='str'), + subnet=dict(type='str'), + subnet4=dict(type='str'), + subnet6=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + subnet_mask=dict(type='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + tags=dict(type='list'), + host_servers=dict(type='dict', options=dict( + dns_server=dict(type='bool'), + mail_server=dict(type='bool'), + web_server=dict(type='bool'), + web_server_config=dict(type='dict', options=dict( + additional_ports=dict(type='list'), + application_engines=dict(type='list'), + listen_standard_port=dict(type='bool'), + operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']), + protected_by=dict(type='str') + )) + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'host' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py new file mode 100644 index 00000000..fcfc42da --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_host_facts +short_description: Get host objects facts on Check Point over Web Services API +description: + - Get host objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-host + cp_mgmt_host_facts: + name: New Host 1 + +- name: show-hosts + cp_mgmt_host_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "host" + api_call_object_plural_version = "hosts" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py new file mode 100644 index 00000000..f96796ea --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py @@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_https_section +short_description: Manages https-section objects on Checkpoint over Web Services API +description: + - Manages https-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + layer: + description: + - Layer that holds the Object. Identified by the Name or UID. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-https-section + cp_mgmt_https_section: + layer: Default Layer + name: New Section 1 + position: 1 + state: present + +- name: set-https-section + cp_mgmt_https_section: + layer: Default Layer + name: New Section 1 + state: present + +- name: delete-https-section + cp_mgmt_https_section: + layer: Default Layer + name: New Section 2 + state: absent +""" + +RETURN = """ +cp_mgmt_https_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + layer=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'https-section' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py new file mode 100644 index 00000000..032abe6d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_install_policy +short_description: install policy on Check Point over Web Services API +description: + - install policy on Check Point over Web Services API + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + policy_package: + description: + - The name of the Policy Package to be installed. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + access: + description: + - Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input + policy package, otherwise false. + type: bool + desktop_security: + description: + - Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the + input policy package, otherwise false. + type: bool + qos: + description: + - Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy + package, otherwise false. + type: bool + threat_prevention: + description: + - Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the + input policy package, otherwise false. + type: bool + install_on_all_cluster_members_or_fail: + description: + - Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails, + don't install on that cluster. + type: bool + prepare_only: + description: + - If true, prepares the policy for the installation, but doesn't install it on an installation target. + type: bool + revision: + description: + - The UID of the revision of the policy to install. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: install-policy + cp_mgmt_install_policy: + access: true + policy_package: standard + targets: + - corporate-gateway + threat_prevention: true +""" + +RETURN = """ +cp_mgmt_install_policy: + description: The checkpoint install-policy output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + policy_package=dict(type='str'), + targets=dict(type='list'), + access=dict(type='bool'), + desktop_security=dict(type='bool'), + qos=dict(type='bool'), + threat_prevention=dict(type='bool'), + install_on_all_cluster_members_or_fail=dict(type='bool'), + prepare_only=dict(type='bool'), + revision=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "install-policy" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py new file mode 100644 index 00000000..0915141e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py @@ -0,0 +1,120 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_install_software_package +short_description: Installs the software package on target machines. +description: + - Installs the software package on target machines. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + cluster_installation_settings: + description: + - Installation settings for cluster. + type: dict + suboptions: + cluster_delay: + description: + - The delay between end of installation on one cluster members and start of installation on the next cluster member. + type: int + cluster_strategy: + description: + - The cluster installation strategy. + type: str + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int + method: + description: + - NOTE, Supported from Check Point version R81 + - How we want to use the package. + type: str + choices: ['install', 'upgrade'] + package_location: + description: + - NOTE, Supported from Check Point version R81 + - The package repository. + type: str + choices: ['automatic', 'target-machine', 'central'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: install-software-package + cp_mgmt_install_software_package: + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + package_location: automatic + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_install_software_package: + description: The checkpoint install-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list'), + cluster_installation_settings=dict(type='dict', options=dict( + cluster_delay=dict(type='int'), + cluster_strategy=dict(type='str') + )), + concurrency_limit=dict(type='int'), + method=dict(type='str', choices=['install', 'upgrade']), + package_location=dict(type='str', choices=['automatic', 'target-machine', 'central']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "install-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py new file mode 100644 index 00000000..12e20391 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py @@ -0,0 +1,123 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mds_facts +short_description: Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API +description: + - Get mds objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-mds + cp_mgmt_mds_facts: + name: test_mds1 + +- name: show-mdss + cp_mgmt_mds_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "mds" + api_call_object_plural_version = "mdss" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py new file mode 100644 index 00000000..32b9a29a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py @@ -0,0 +1,181 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multicast_address_range +short_description: Manages multicast-address-range objects on Check Point over Web Services API +description: + - Manages multicast-address-range objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + ip_address_first: + description: + - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. + type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-multicast-address-range + cp_mgmt_multicast_address_range: + ip_address_first: 224.0.0.1 + ip_address_last: 224.0.0.4 + name: New Multicast Address Range + state: present + +- name: set-multicast-address-range + cp_mgmt_multicast_address_range: + ip_address_first: 224.0.0.7 + ip_address_last: 224.0.0.10 + name: New Multicast Address Range + state: present + +- name: delete-multicast-address-range + cp_mgmt_multicast_address_range: + name: New Multicast Address Range + state: absent +""" + +RETURN = """ +cp_mgmt_multicast_address_range: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'multicast-address-range' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py new file mode 100644 index 00000000..e84d988d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py @@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multicast_address_range_facts +short_description: Get multicast-address-range objects facts on Check Point over Web Services API +description: + - Get multicast-address-range objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-multicast-address-range + cp_mgmt_multicast_address_range_facts: + name: New Multicast Address Range + +- name: show-multicast-address-ranges + cp_mgmt_multicast_address_range_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "multicast-address-range" + api_call_object_plural_version = "multicast-address-ranges" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py new file mode 100644 index 00000000..50cdc3c6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py @@ -0,0 +1,202 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_rule_facts +short_description: Get nat-rule objects facts on Checkpoint over Web Services API +description: + - Get nat-rule objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-nat-rule + cp_mgmt_nat_rule_facts: + package: standard + +- name: show-nat-rulebase + cp_mgmt_nat_rule_facts: + details_level: standard + limit: 2 + offset: 1 + package: standard + use_object_dictionary: true +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "nat-rule" + api_call_object_plural_version = "nat-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py new file mode 100644 index 00000000..a622ef75 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py @@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_section +short_description: Manages nat-section objects on Checkpoint over Web Services API +description: + - Manages nat-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + package: + description: + - Name of the package. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + position: 1 + state: present + +- name: set-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + state: present + +- name: delete-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_nat_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + package=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'nat-section' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py new file mode 100644 index 00000000..2f7ea55b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py @@ -0,0 +1,225 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network +short_description: Manages network objects on Check Point over Web Services API +description: + - Manages network objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + subnet: + description: + - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly. + type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask length + it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. + type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + broadcast: + description: + - Allow broadcast address inclusion. + type: str + choices: ['disallow', 'allow'] + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-network + cp_mgmt_network: + name: New Network 1 + state: present + subnet: 192.0.2.0 + subnet_mask: 255.255.255.0 + +- name: set-network + cp_mgmt_network: + color: green + mask_length: 16 + name: New Network 1 + new_name: New Network 2 + state: present + subnet: 192.0.0.0 + +- name: delete-network + cp_mgmt_network: + name: New Network 2 + state: absent +""" + +RETURN = """ +cp_mgmt_network: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + subnet=dict(type='str'), + subnet4=dict(type='str'), + subnet6=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + subnet_mask=dict(type='str'), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + tags=dict(type='list'), + broadcast=dict(type='str', choices=['disallow', 'allow']), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'network' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py new file mode 100644 index 00000000..8cca44d9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_facts +short_description: Get network objects facts on Check Point over Web Services API +description: + - Get network objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-network + cp_mgmt_network_facts: + name: New Network 1 + +- name: show-networks + cp_mgmt_network_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "network" + api_call_object_plural_version = "networks" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py new file mode 100644 index 00000000..e3aea495 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py @@ -0,0 +1,243 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_package +short_description: Manages package objects on Check Point over Web Services API +description: + - Manages package objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + access: + description: + - True - enables, False - disables access & NAT policies, empty - nothing is changed. + type: bool + desktop_security: + description: + - True - enables, False - disables Desktop security policy, empty - nothing is changed. + type: bool + installation_targets: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + qos: + description: + - True - enables, False - disables QoS policy, empty - nothing is changed. + type: bool + qos_policy_type: + description: + - QoS policy type. + type: str + choices: ['recommended', 'express'] + tags: + description: + - Collection of tag identifiers. + type: list + threat_prevention: + description: + - True - enables, False - disables Threat policy, empty - nothing is changed. + type: bool + vpn_traditional_mode: + description: + - True - enables, False - disables VPN traditional mode, empty - nothing is changed. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + access_layers: + description: + - Access policy layers. + type: dict + suboptions: + add: + description: + - Collection of Access layer objects to be added identified by the name or UID. + type: list + suboptions: + name: + description: + - Layer name or UID. + type: str + position: + description: + - Layer position. + type: int + remove: + description: + - Collection of Access layer objects to be removed identified by the name or UID. + type: list + value: + description: + - Collection of Access layer objects to be set identified by the name or UID. Replaces existing Access layers. + type: list + threat_layers: + description: + - Threat policy layers. + type: dict + suboptions: + add: + description: + - Collection of Threat layer objects to be added identified by the name or UID. + type: list + suboptions: + name: + description: + - Layer name or UID. + type: str + position: + description: + - Layer position. + type: int + remove: + description: + - Collection of Threat layer objects to be removed identified by the name or UID. + type: list + value: + description: + - Collection of Threat layer objects to be set identified by the name or UID. Replaces existing Threat layers. + type: list +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-package + cp_mgmt_package: + access: true + color: green + comments: My Comments + name: New_Standard_Package_1 + state: present + threat_prevention: false + +- name: set-package + cp_mgmt_package: + access_layers: + add: + - name: New Access Layer 1 + position: 1 + name: Standard + state: present + threat_layers: + add: + - name: New Layer 1 + position: 2 + +- name: delete-package + cp_mgmt_package: + name: New Standard Package 1 + state: absent +""" + +RETURN = """ +cp_mgmt_package: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + access=dict(type='bool'), + desktop_security=dict(type='bool'), + installation_targets=dict(type='list'), + qos=dict(type='bool'), + qos_policy_type=dict(type='str', choices=['recommended', 'express']), + tags=dict(type='list'), + threat_prevention=dict(type='bool'), + vpn_traditional_mode=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + access_layers=dict(type='dict', options=dict( + add=dict(type='list', options=dict( + name=dict(type='str'), + position=dict(type='int') + )), + remove=dict(type='list'), + value=dict(type='list') + )), + threat_layers=dict(type='dict', options=dict( + add=dict(type='list', options=dict( + name=dict(type='str'), + position=dict(type='int') + )), + remove=dict(type='list'), + value=dict(type='list') + )) + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'package' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py new file mode 100644 index 00000000..7db0d35f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_package_facts +short_description: Get package objects facts on Check Point over Web Services API +description: + - Get package objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-package + cp_mgmt_package_facts: + name: New_Standard_Package_1 + +- name: show-packages + cp_mgmt_package_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "package" + api_call_object_plural_version = "packages" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py new file mode 100644 index 00000000..fadc444a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py @@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_publish +short_description: All the changes done by this user will be seen by all users only after publish is called. +description: + - All the changes done by this user will be seen by all users only after publish is called. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + uid: + description: + - Session unique identifier. Specify it to publish a different session than the one you currently use. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: publish + cp_mgmt_publish: +""" + +RETURN = """ +cp_mgmt_publish: + description: The checkpoint publish output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uid=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "publish" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py new file mode 100644 index 00000000..63ede672 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py @@ -0,0 +1,101 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_put_file +short_description: put file on Check Point over Web Services API +description: + - put file on Check Point over Web Services API + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + file_content: + description: + - N/A + type: str + file_name: + description: + - N/A + type: str + file_path: + description: + - N/A + type: str + comments: + description: + - Comments string. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: put-file + cp_mgmt_put_file: + file_content: 'vs ip 192.0.2.1\nvs2 ip 192.0.2.2' + file_name: vsx_conf + file_path: /home/admin/ + targets: + - corporate-gateway +""" + +RETURN = """ +cp_mgmt_put_file: + description: The checkpoint put-file output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + targets=dict(type='list'), + file_content=dict(type='str'), + file_name=dict(type='str'), + file_path=dict(type='str'), + comments=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "put-file" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py new file mode 100644 index 00000000..ecf52fdf --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py @@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_run_ips_update +short_description: Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center. +description: + - Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + package_path: + description: + - Offline update package path. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: run-ips-update + cp_mgmt_run_ips_update: +""" + +RETURN = """ +cp_mgmt_run_ips_update: + description: The checkpoint run-ips-update output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + package_path=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "run-ips-update" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py new file mode 100644 index 00000000..b14ceffa --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py @@ -0,0 +1,100 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_run_script +short_description: Executes the script on a given list of targets. +description: + - Executes the script on a given list of targets. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + script_name: + description: + - Script name. + type: str + script: + description: + - Script body. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + args: + description: + - Script arguments. + type: str + comments: + description: + - Comments string. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: run-script + cp_mgmt_run_script: + script: ls -l / + script_name: 'Script Example: List files under / dir' + targets: + - corporate-gateway +""" + +RETURN = """ +cp_mgmt_run_script: + description: The checkpoint run-script output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + script_name=dict(type='str'), + script=dict(type='str'), + targets=dict(type='list'), + args=dict(type='str'), + comments=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "run-script" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py new file mode 100644 index 00000000..61151788 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py @@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_security_zone +short_description: Manages security-zone objects on Check Point over Web Services API +description: + - Manages security-zone objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-security-zone + cp_mgmt_security_zone: + color: yellow + comments: My Security Zone 1 + name: SZone1 + state: present + +- name: set-security-zone + cp_mgmt_security_zone: + name: SZone1 + state: present + +- name: delete-security-zone + cp_mgmt_security_zone: + name: SZone2 + state: absent +""" + +RETURN = """ +cp_mgmt_security_zone: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'security-zone' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py new file mode 100644 index 00000000..d6930f9e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py @@ -0,0 +1,128 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_security_zone_facts +short_description: Get security-zone objects facts on Check Point over Web Services API +description: + - Get security-zone objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-security-zone + cp_mgmt_security_zone_facts: + name: SZone1 + +- name: show-security-zones + cp_mgmt_security_zone_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "security-zone" + api_call_object_plural_version = "security-zones" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py new file mode 100644 index 00000000..68cff284 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py @@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_dce_rpc +short_description: Manages service-dce-rpc objects on Check Point over Web Services API +description: + - Manages service-dce-rpc objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + interface_uuid: + description: + - Network interface UUID. + type: str + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-dce-rpc + cp_mgmt_service_dce_rpc: + interface_uuid: 97aeb460-9aea-11d5-bd16-0090272ccb30 + keep_connections_open_after_policy_installation: false + name: New_DCE-RPC_Service_1 + state: present + +- name: set-service-dce-rpc + cp_mgmt_service_dce_rpc: + color: green + interface_uuid: 44aeb460-9aea-11d5-bd16-009027266b30 + name: New_DCE-RPC_Service_1 + state: present + +- name: delete-service-dce-rpc + cp_mgmt_service_dce_rpc: + name: New_DCE-RPC_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_dce_rpc: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + interface_uuid=dict(type='str'), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-dce-rpc' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py new file mode 100644 index 00000000..30f5d1ad --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_dce_rpc_facts +short_description: Get service-dce-rpc objects facts on Check Point over Web Services API +description: + - Get service-dce-rpc objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-dce-rpc + cp_mgmt_service_dce_rpc_facts: + name: HP-OpCdistm + +- name: show-services-dce-rpc + cp_mgmt_service_dce_rpc_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-dce-rpc" + api_call_object_plural_version = "services-dce-rpc" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py new file mode 100644 index 00000000..7d1072ec --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py @@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_group +short_description: Manages service-group objects on Check Point over Web Services API +description: + - Manages service-group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of Network objects identified by the name or UID. + type: list + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-group + cp_mgmt_service_group: + members: + - https + - bootp + - nisplus + - HP-OpCdistm + name: New Service Group 1 + state: present + +- name: set-service-group + cp_mgmt_service_group: + name: New Service Group 1 + members: + - https + - bootp + - nisplus + state: present + +- name: delete-service-group + cp_mgmt_service_group: + name: New Service Group 1 + state: absent +""" + +RETURN = """ +cp_mgmt_service_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py new file mode 100644 index 00000000..a9299332 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py @@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_group_facts +short_description: Get service-group objects facts on Check Point over Web Services API +description: + - Get service-group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + show_as_ranges: + description: + - When true, the service group's matched content is displayed as ranges of port numbers rather than service objects.<br />Objects that are not + represented using port numbers are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter + is displayed. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-group + cp_mgmt_service_group_facts: + name: New Service Group 1 + +- name: show-service-groups + cp_mgmt_service_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + show_as_ranges=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-group" + api_call_object_plural_version = "service-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py new file mode 100644 index 00000000..2514338f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py @@ -0,0 +1,152 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp +short_description: Manages service-icmp objects on Check Point over Web Services API +description: + - Manages service-icmp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + icmp_code: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + icmp_type: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-icmp + cp_mgmt_service_icmp: + icmp_code: 7 + icmp_type: 5 + name: Icmp1 + state: present + +- name: set-service-icmp + cp_mgmt_service_icmp: + icmp_code: 13 + icmp_type: 45 + name: icmp1 + state: present + +- name: delete-service-icmp + cp_mgmt_service_icmp: + name: icmp3 + state: absent +""" + +RETURN = """ +cp_mgmt_service_icmp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + icmp_code=dict(type='int'), + icmp_type=dict(type='int'), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-icmp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py new file mode 100644 index 00000000..3a8499f0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py @@ -0,0 +1,152 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp6 +short_description: Manages service-icmp6 objects on Check Point over Web Services API +description: + - Manages service-icmp6 objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + icmp_code: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + icmp_type: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-icmp6 + cp_mgmt_service_icmp6: + icmp_code: 7 + icmp_type: 5 + name: Icmp1 + state: present + +- name: set-service-icmp6 + cp_mgmt_service_icmp6: + icmp_code: 13 + icmp_type: 45 + name: icmp1 + state: present + +- name: delete-service-icmp6 + cp_mgmt_service_icmp6: + name: icmp2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_icmp6: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + icmp_code=dict(type='int'), + icmp_type=dict(type='int'), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-icmp6' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py new file mode 100644 index 00000000..c32f58d6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py @@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp6_facts +short_description: Get service-icmp6 objects facts on Check Point over Web Services API +description: + - Get service-icmp6 objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-icmp6 + cp_mgmt_service_icmp6_facts: + name: echo-reply6 + +- name: show-services-icmp6 + cp_mgmt_service_icmp6_facts: + limit: 2 + offset: 4 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-icmp6" + api_call_object_plural_version = "services-icmp6" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py new file mode 100644 index 00000000..5a71a796 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py @@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp_facts +short_description: Get service-icmp objects facts on Check Point over Web Services API +description: + - Get service-icmp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-icmp + cp_mgmt_service_icmp_facts: + name: info-req + +- name: show-services-icmp + cp_mgmt_service_icmp_facts: + limit: 4 + offset: 3 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-icmp" + api_call_object_plural_version = "services-icmp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py new file mode 100644 index 00000000..404e9819 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py @@ -0,0 +1,225 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_other +short_description: Manages service-other objects on Check Point over Web Services API +description: + - Manages service-other objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + accept_replies: + description: + - Specifies whether Other Service replies are to be accepted. + type: bool + action: + description: + - Contains an INSPECT expression that defines the action to take if a rule containing this service is matched. + Example, set r_mhandler &open_ssl_handler sets a handler on the connection. + type: str + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + ip_protocol: + description: + - IP protocol number. + type: int + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match: + description: + - Contains an INSPECT expression that defines the matching criteria. The connection is examined against the expression during the first packet. + Example, tcp, dport = 21, direction = 0 matches incoming FTP control connections. + type: str + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-other + cp_mgmt_service_other: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + ip_protocol: 51 + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_Service_1 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-other + cp_mgmt_service_other: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_Service_1 + state: present + +- name: delete-service-other + cp_mgmt_service_other: + name: New_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_other: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + accept_replies=dict(type='bool'), + action=dict(type='str'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + ip_protocol=dict(type='int'), + keep_connections_open_after_policy_installation=dict(type='bool'), + match=dict(type='str'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + session_timeout=dict(type='int'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-other' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py new file mode 100644 index 00000000..b0c77f7a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_other_facts +short_description: Get service-other objects facts on Check Point over Web Services API +description: + - Get service-other objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-other + cp_mgmt_service_other_facts: + name: New_Service_1 + +- name: show-services-other + cp_mgmt_service_other_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-other" + api_call_object_plural_version = "services-other" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py new file mode 100644 index 00000000..48db36e2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py @@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_rpc +short_description: Manages service-rpc objects on Check Point over Web Services API +description: + - Manages service-rpc objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + program_number: + description: + - N/A + type: int + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-rpc + cp_mgmt_service_rpc: + keep_connections_open_after_policy_installation: false + name: New_RPC_Service_1 + program_number: 5669 + state: present + +- name: set-service-rpc + cp_mgmt_service_rpc: + color: green + name: New_RPC_Service_1 + program_number: 5656 + state: present + +- name: delete-service-rpc + cp_mgmt_service_rpc: + name: New_RPC_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_rpc: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + keep_connections_open_after_policy_installation=dict(type='bool'), + program_number=dict(type='int'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-rpc' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py new file mode 100644 index 00000000..7cf26eab --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_rpc_facts +short_description: Get service-rpc objects facts on Check Point over Web Services API +description: + - Get service-rpc objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-rpc + cp_mgmt_service_rpc_facts: + name: nisplus + +- name: show-services-rpc + cp_mgmt_service_rpc_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-rpc" + api_call_object_plural_version = "services-rpc" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py new file mode 100644 index 00000000..b804d4ff --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py @@ -0,0 +1,209 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_sctp +short_description: Manages service-sctp objects on Check Point over Web Services API +description: + - Manages service-sctp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + port: + description: + - Port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45. + type: str + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Source port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45. + type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-sctp + cp_mgmt_service_sctp: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_SCTP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-sctp + cp_mgmt_service_sctp: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_SCTP_Service_1 + port: 5656 + state: present + +- name: delete-service-sctp + cp_mgmt_service_sctp: + name: New_SCTP_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_sctp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + port=dict(type='str'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_for_any=dict(type='bool'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-sctp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py new file mode 100644 index 00000000..6111060f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_sctp_facts +short_description: Get service-sctp objects facts on Check Point over Web Services API +description: + - Get service-sctp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-sctp + cp_mgmt_service_sctp_facts: + name: New_SCTP_Service_1 + +- name: show-services-sctp + cp_mgmt_service_sctp_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-sctp" + api_call_object_plural_version = "services-sctp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py new file mode 100644 index 00000000..7afed389 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py @@ -0,0 +1,229 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_tcp +short_description: Manages service-tcp objects on Check Point over Web Services API +description: + - Manages service-tcp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_by_protocol_signature: + description: + - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option + to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + port: + description: + - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for + example 44-55. + type: str + protocol: + description: + - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and + Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of + security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports). + type: str + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet + inspection. Otherwise, the source port is not inspected. + type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-tcp + cp_mgmt_service_tcp: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_TCP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-tcp + cp_mgmt_service_tcp: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_TCP_Service_1 + port: 5656 + state: present + +- name: delete-service-tcp + cp_mgmt_service_tcp: + name: New_TCP_Service_1 + state: absent +""" + +RETURN = """ +cp_mgmt_service_tcp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_by_protocol_signature=dict(type='bool'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + port=dict(type='str'), + protocol=dict(type='str'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-tcp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py new file mode 100644 index 00000000..7531e76b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_tcp_facts +short_description: Get service-tcp objects facts on Check Point over Web Services API +description: + - Get service-tcp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-tcp + cp_mgmt_service_tcp_facts: + name: https + +- name: show-services-tcp + cp_mgmt_service_tcp_facts: + details_level: standard + limit: 10 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-tcp" + api_call_object_plural_version = "services-tcp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py new file mode 100644 index 00000000..a7252445 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py @@ -0,0 +1,236 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_udp +short_description: Manages service-udp objects on Check Point over Web Services API +description: + - Manages service-udp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + accept_replies: + description: + - N/A + type: bool + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_by_protocol_signature: + description: + - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option + to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + port: + description: + - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for + example 44-55. + type: str + protocol: + description: + - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and + Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of + security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports). + type: str + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet + inspection. Otherwise, the source port is not inspected. + type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-udp + cp_mgmt_service_udp: + accept_replies: false + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_UDP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-udp + cp_mgmt_service_udp: + accept_replies: true + aggressive_aging: + default_timeout: 3600 + color: green + name: New_UDP_Service_1 + port: 5656 + state: present + +- name: delete-service-udp + cp_mgmt_service_udp: + name: New_UDP_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_udp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + accept_replies=dict(type='bool'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_by_protocol_signature=dict(type='bool'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + port=dict(type='str'), + protocol=dict(type='str'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-udp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py new file mode 100644 index 00000000..ee704064 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_udp_facts +short_description: Get service-udp objects facts on Check Point over Web Services API +description: + - Get service-udp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-udp + cp_mgmt_service_udp_facts: + name: bootp + +- name: show-services-udp + cp_mgmt_service_udp_facts: + details_level: standard + limit: 10 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "service-udp" + api_call_object_plural_version = "services-udp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py new file mode 100644 index 00000000..c5c741d5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py @@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_session_facts +short_description: Get session objects facts on Check Point over Web Services API +description: + - Get session objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the descending order by the session publish time. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + view_published_sessions: + description: + - Show a list of published sessions. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-session + cp_mgmt_session_facts: + +- name: show-sessions + cp_mgmt_session_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + view_published_sessions=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "session" + api_call_object_plural_version = "sessions" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py new file mode 100644 index 00000000..ae9e0fc8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py @@ -0,0 +1,160 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_nat_rule +short_description: Edit existing object using object name or uid. +description: + - Edit existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + method: + description: + - Nat method. + type: str + choices: ['static', 'hide', 'nat64', 'nat46'] + new_position: + description: + - New position in the rulebase. + type: str + original_destination: + description: + - Original destination. + type: str + original_service: + description: + - Original service. + type: str + original_source: + description: + - Original source. + type: str + translated_destination: + description: + - Translated destination. + type: str + translated_service: + description: + - Translated service. + type: str + translated_source: + description: + - Translated source. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-nat-rule + cp_mgmt_set_nat_rule: + comments: rule for RND members RNDNetwork-> RND to Internal Network + enabled: false + original_service: ssh_version_2 + original_source: Any + package: standard + state: present +""" + +RETURN = """ +cp_mgmt_set_nat_rule: + description: The checkpoint set-nat-rule output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + enabled=dict(type='bool'), + install_on=dict(type='list'), + method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']), + new_position=dict(type='str'), + original_destination=dict(type='str'), + original_service=dict(type='str'), + original_source=dict(type='str'), + translated_destination=dict(type='str'), + translated_service=dict(type='str'), + translated_source=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-nat-rule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py new file mode 100644 index 00000000..83fe28fd --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py @@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_access_section +short_description: Retrieve existing object using object name or uid. +description: + - Retrieve existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-access-section + cp_mgmt_show_access_section: + layer: Network + name: New Section 1 +""" + +RETURN = """ +cp_mgmt_show_access_section: + description: The checkpoint show-access-section output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-access-section" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py new file mode 100644 index 00000000..197c60a6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py @@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_https_section +short_description: Retrieve existing HTTPS Inspection section using section name or uid and layer name. +description: + - Retrieve existing HTTPS Inspection section using section name or uid and layer name. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + layer: + description: + - Layer that holds the Object. Identified by the Name or UID. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-https-section + cp_mgmt_show_https_section: + layer: Default Layer + name: New Section 1 +""" + +RETURN = """ +cp_mgmt_show_https_section: + description: The checkpoint show-https-section output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-https-section" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py new file mode 100644 index 00000000..53bdee7f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py @@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_nat_section +short_description: Retrieve existing object using object name or uid. +description: + - Retrieve existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-nat-section + cp_mgmt_show_nat_section: + name: New Section 1 + package: standard +""" + +RETURN = """ +cp_mgmt_show_nat_section: + description: The checkpoint show-nat-section output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-nat-section" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py new file mode 100644 index 00000000..aa3fda8b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py @@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_software_package_details +short_description: Gets the software package information from the cloud. +description: + - Gets the software package information from the cloud. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-software-package-details + cp_mgmt_show_software_package_details: + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz +""" + +RETURN = """ +cp_mgmt_show_software_package_details: + description: The checkpoint show-software-package-details output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-software-package-details" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py new file mode 100644 index 00000000..443081ea --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py @@ -0,0 +1,84 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_task +short_description: Show task progress and details. +description: + - Show task progress and details. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + task_id: + description: + - Unique identifier of one or more tasks. + type: list + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-task + cp_mgmt_show_task: + task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb +""" + +RETURN = """ +cp_mgmt_show_task: + description: The checkpoint show-task output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + task_id=dict(type='list'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-task" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py new file mode 100644 index 00000000..b1b3bd90 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py @@ -0,0 +1,133 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_tasks +short_description: Retrieve all tasks and show their progress and details. +description: + - Retrieve all tasks and show their progress and details. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + initiator: + description: + - Initiator's name. If name isn't specified, tasks from all initiators will be shown. + type: str + status: + description: + - Status. + type: str + choices: ['successful', 'failed', 'in-progress', 'all'] + from_date: + description: + - The date from which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, the + Management server's timezone is used. + type: str + to_date: + description: + - The date until which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, + the Management server's timezone is used. + type: str + limit: + description: + - The maximal number of returned results. + type: int + offset: + description: + - Number of the results to initially skip. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the descending order by the task's last update date. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-tasks + cp_mgmt_show_tasks: + from_date: '2018-05-23T08:00:00' + initiator: admin1 + status: successful +""" + +RETURN = """ +cp_mgmt_show_tasks: + description: The checkpoint show-tasks output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + initiator=dict(type='str'), + status=dict(type='str', choices=['successful', 'failed', 'in-progress', 'all']), + from_date=dict(type='str'), + to_date=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-tasks" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py new file mode 100644 index 00000000..a32f0a1d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py @@ -0,0 +1,630 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_gateway +short_description: Manages simple-gateway objects on Check Point over Web Services API +description: + - Manages simple-gateway objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + anti_bot: + description: + - Anti-Bot blade enabled. + type: bool + anti_virus: + description: + - Anti-Virus blade enabled. + type: bool + application_control: + description: + - Application Control blade enabled. + type: bool + content_awareness: + description: + - Content Awareness blade enabled. + type: bool + firewall: + description: + - Firewall blade enabled. + type: bool + firewall_settings: + description: + - N/A + type: dict + suboptions: + auto_calculate_connections_hash_table_size_and_memory_pool: + description: + - N/A + type: bool + auto_maximum_limit_for_concurrent_connections: + description: + - N/A + type: bool + connections_hash_size: + description: + - N/A + type: int + maximum_limit_for_concurrent_connections: + description: + - N/A + type: int + maximum_memory_pool_size: + description: + - N/A + type: int + memory_pool_size: + description: + - N/A + type: int + interfaces: + description: + - Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed. + type: list + suboptions: + name: + description: + - Object name. + type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of + providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. + type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. + type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - N/A + type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + ips: + description: + - Intrusion Prevention System blade enabled. + type: bool + logs_settings: + description: + - N/A + type: dict + suboptions: + alert_when_free_disk_space_below: + description: + - N/A + type: bool + alert_when_free_disk_space_below_threshold: + description: + - N/A + type: int + alert_when_free_disk_space_below_type: + description: + - N/A + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3'] + before_delete_keep_logs_from_the_last_days: + description: + - N/A + type: bool + before_delete_keep_logs_from_the_last_days_threshold: + description: + - N/A + type: int + before_delete_run_script: + description: + - N/A + type: bool + before_delete_run_script_command: + description: + - N/A + type: str + delete_index_files_older_than_days: + description: + - N/A + type: bool + delete_index_files_older_than_days_threshold: + description: + - N/A + type: int + delete_index_files_when_index_size_above: + description: + - N/A + type: bool + delete_index_files_when_index_size_above_threshold: + description: + - N/A + type: int + delete_when_free_disk_space_below: + description: + - N/A + type: bool + delete_when_free_disk_space_below_threshold: + description: + - N/A + type: int + detect_new_citrix_ica_application_names: + description: + - N/A + type: bool + forward_logs_to_log_server: + description: + - N/A + type: bool + forward_logs_to_log_server_name: + description: + - N/A + type: str + forward_logs_to_log_server_schedule_name: + description: + - N/A + type: str + free_disk_space_metrics: + description: + - N/A + type: str + choices: ['mbytes', 'percent'] + perform_log_rotate_before_log_forwarding: + description: + - N/A + type: bool + reject_connections_when_free_disk_space_below_threshold: + description: + - N/A + type: bool + reserve_for_packet_capture_metrics: + description: + - N/A + type: str + choices: ['percent', 'mbytes'] + reserve_for_packet_capture_threshold: + description: + - N/A + type: int + rotate_log_by_file_size: + description: + - N/A + type: bool + rotate_log_file_size_threshold: + description: + - N/A + type: int + rotate_log_on_schedule: + description: + - N/A + type: bool + rotate_log_schedule_name: + description: + - N/A + type: str + stop_logging_when_free_disk_space_below: + description: + - N/A + type: bool + stop_logging_when_free_disk_space_below_threshold: + description: + - N/A + type: int + turn_on_qos_logging: + description: + - N/A + type: bool + update_account_log_every: + description: + - N/A + type: int + one_time_password: + description: + - N/A + type: str + os_name: + description: + - Gateway platform operating system. + type: str + save_logs_locally: + description: + - Save logs locally on the gateway. + type: bool + send_alerts_to_server: + description: + - Server(s) to send alerts to. + type: list + send_logs_to_backup_server: + description: + - Backup server(s) to send logs to. + type: list + send_logs_to_server: + description: + - Server(s) to send logs to. + type: list + tags: + description: + - Collection of tag identifiers. + type: list + threat_emulation: + description: + - Threat Emulation blade enabled. + type: bool + threat_extraction: + description: + - Threat Extraction blade enabled. + type: bool + url_filtering: + description: + - URL Filtering blade enabled. + type: bool + gateway_version: + description: + - Gateway platform version. + type: str + vpn: + description: + - VPN blade enabled. + type: bool + vpn_settings: + description: + - Gateway VPN settings. + type: dict + suboptions: + maximum_concurrent_ike_negotiations: + description: + - N/A + type: int + maximum_concurrent_tunnels: + description: + - N/A + type: int + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-simple-gateway + cp_mgmt_simple_gateway: + ip_address: 192.0.2.1 + name: gw1 + state: present + +- name: set-simple-gateway + cp_mgmt_simple_gateway: + anti_bot: true + anti_virus: true + application_control: true + ips: true + name: test_gateway + state: present + threat_emulation: true + url_filtering: true + +- name: delete-simple-gateway + cp_mgmt_simple_gateway: + name: gw1 + state: absent +""" + +RETURN = """ +cp_mgmt_simple_gateway: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + application_control=dict(type='bool'), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + firewall_settings=dict(type='dict', options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), + auto_maximum_limit_for_concurrent_connections=dict(type='bool'), + connections_hash_size=dict(type='int'), + maximum_limit_for_concurrent_connections=dict(type='int'), + maximum_memory_pool_size=dict(type='int'), + memory_pool_size=dict(type='int') + )), + interfaces=dict(type='list', options=dict( + name=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']) + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', + 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', + 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ips=dict(type='bool'), + logs_settings=dict(type='dict', options=dict( + alert_when_free_disk_space_below=dict(type='bool'), + alert_when_free_disk_space_below_threshold=dict(type='int'), + alert_when_free_disk_space_below_type=dict(type='str', choices=['none', + 'log', 'popup alert', 'mail alert', 'snmp trap alert', + 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + before_delete_keep_logs_from_the_last_days=dict(type='bool'), + before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'), + before_delete_run_script=dict(type='bool'), + before_delete_run_script_command=dict(type='str'), + delete_index_files_older_than_days=dict(type='bool'), + delete_index_files_older_than_days_threshold=dict(type='int'), + delete_index_files_when_index_size_above=dict(type='bool'), + delete_index_files_when_index_size_above_threshold=dict(type='int'), + delete_when_free_disk_space_below=dict(type='bool'), + delete_when_free_disk_space_below_threshold=dict(type='int'), + detect_new_citrix_ica_application_names=dict(type='bool'), + forward_logs_to_log_server=dict(type='bool'), + forward_logs_to_log_server_name=dict(type='str'), + forward_logs_to_log_server_schedule_name=dict(type='str'), + free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']), + perform_log_rotate_before_log_forwarding=dict(type='bool'), + reject_connections_when_free_disk_space_below_threshold=dict(type='bool'), + reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']), + reserve_for_packet_capture_threshold=dict(type='int'), + rotate_log_by_file_size=dict(type='bool'), + rotate_log_file_size_threshold=dict(type='int'), + rotate_log_on_schedule=dict(type='bool'), + rotate_log_schedule_name=dict(type='str'), + stop_logging_when_free_disk_space_below=dict(type='bool'), + stop_logging_when_free_disk_space_below_threshold=dict(type='int'), + turn_on_qos_logging=dict(type='bool'), + update_account_log_every=dict(type='int') + )), + one_time_password=dict(type='str'), + os_name=dict(type='str'), + save_logs_locally=dict(type='bool'), + send_alerts_to_server=dict(type='list'), + send_logs_to_backup_server=dict(type='list'), + send_logs_to_server=dict(type='list'), + tags=dict(type='list'), + threat_emulation=dict(type='bool'), + threat_extraction=dict(type='bool'), + url_filtering=dict(type='bool'), + gateway_version=dict(type='str'), + vpn=dict(type='bool'), + vpn_settings=dict(type='dict', options=dict( + maximum_concurrent_ike_negotiations=dict(type='int'), + maximum_concurrent_tunnels=dict(type='int') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'simple-gateway' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py new file mode 100644 index 00000000..0c4e8eb8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_gateway_facts +short_description: Get simple-gateway objects facts on Check Point over Web Services API +description: + - Get simple-gateway objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-simple-gateway + cp_mgmt_simple_gateway_facts: + name: gw1 + +- name: show-simple-gateways + cp_mgmt_simple_gateway_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "simple-gateway" + api_call_object_plural_version = "simple-gateways" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py new file mode 100644 index 00000000..ed01eab2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py @@ -0,0 +1,125 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tag +short_description: Manages tag objects on Check Point over Web Services API +description: + - Manages tag objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-tag + cp_mgmt_tag: + name: My New Tag1 + state: present + tags: + - tag1 + - tag2 + +- name: delete-tag + cp_mgmt_tag: + name: My New Tag1 + state: absent +""" + +RETURN = """ +cp_mgmt_tag: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'tag' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py new file mode 100644 index 00000000..8f6f5da7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py @@ -0,0 +1,123 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tag_facts +short_description: Get tag objects facts on Check Point over Web Services API +description: + - Get tag objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-tag + cp_mgmt_tag_facts: + name: f96b37ec-e22e-4945-8bbf-d37b117914e0 + +- name: show-tags + cp_mgmt_tag_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "tag" + api_call_object_plural_version = "tags" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py new file mode 100644 index 00000000..6240101b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py @@ -0,0 +1,213 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_exception +short_description: Manages threat-exception objects on Check Point over Web Services API +description: + - Manages threat-exception objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the exception. + type: str + required: True + position: + description: + - Position in the rulebase. + type: str + exception_group_uid: + description: + - The UID of the exception-group. + type: str + exception_group_name: + description: + - The name of the exception-group. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + rule_name: + description: + - The name of the parent rule. + type: str + action: + description: + - Action-the enforced profile. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + protected_scope: + description: + - Collection of objects defining Protected Scope identified by the name or UID. + type: list + protected_scope_negate: + description: + - True if negate is set for Protected Scope. + type: bool + protection_or_site: + description: + - Name of the protection or site. + type: list + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + service_negate: + description: + - True if negate is set for Service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + source_negate: + description: + - True if negate is set for source. + type: bool + track: + description: + - Packet tracking. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-exception + cp_mgmt_threat_exception: + layer: New Layer 1 + name: Exception Rule + position: 1 + protected_scope: All_Internet + rule_name: Threat Rule 1 + state: present + track: Log + +- name: set-threat-exception + cp_mgmt_threat_exception: + layer: New Layer 1 + name: Exception Rule + rule_name: Threat Rule 1 + state: present + +- name: delete-threat-exception + cp_mgmt_threat_exception: + name: Exception Rule + layer: New Layer 1 + rule_name: Threat Rule 1 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_exception: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + position=dict(type='str'), + exception_group_uid=dict(type='str'), + exception_group_name=dict(type='str'), + layer=dict(type='str'), + rule_name=dict(type='str'), + action=dict(type='str'), + destination=dict(type='list'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + install_on=dict(type='list'), + protected_scope=dict(type='list'), + protected_scope_negate=dict(type='bool'), + protection_or_site=dict(type='list'), + service=dict(type='list'), + service_negate=dict(type='bool'), + source=dict(type='list'), + source_negate=dict(type='bool'), + track=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-exception' + + if module.params['position'] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py new file mode 100644 index 00000000..1d112e14 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py @@ -0,0 +1,222 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_exception_facts +short_description: Get threat-exception objects facts on Check Point over Web Services API +description: + - Get threat-exception objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the layer containing the parent threat rule. + This parameter is relevant only for getting few objects. + type: str + exception_group_uid: + description: + - The UID of the exception-group. + type: str + exception_group_name: + description: + - The name of the exception-group. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + rule_name: + description: + - The name of the parent rule. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-exception + cp_mgmt_threat_exception_facts: + name: Exception Rule + layer: New Layer 1 + rule_name: Threat Rule 1 + +- name: show-threat-rule-exception-rulebase + cp_mgmt_threat_exception_facts: + name: Standard Threat Prevention + rule_name: Threat Rule 1 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + exception_group_uid=dict(type='str'), + exception_group_name=dict(type='str'), + layer=dict(type='str'), + rule_name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "threat-exception" + api_call_object_plural_version = "threat-rule-exception-rulebase" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py new file mode 100644 index 00000000..8f897dcb --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py @@ -0,0 +1,271 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_indicator +short_description: Manages threat-indicator objects on Check Point over Web Services API +description: + - Manages threat-indicator objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + observables: + description: + - The indicator's observables. + type: list + suboptions: + name: + description: + - Object name. Should be unique in the domain. + type: str + md5: + description: + - A valid MD5 sequence. + type: str + url: + description: + - A valid URL. + type: str + ip_address: + description: + - A valid IP-Address. + type: str + ip_address_first: + description: + - A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the + 'ip-address-last' parameter. + type: str + ip_address_last: + description: + - A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the + 'ip-address-first' parameter. + type: str + domain: + description: + - The name of a domain. + type: str + mail_to: + description: + - A valid E-Mail address, recipient filed. + type: str + mail_from: + description: + - A valid E-Mail address, sender field. + type: str + mail_cc: + description: + - A valid E-Mail address, cc field. + type: str + mail_reply_to: + description: + - A valid E-Mail address, reply-to field. + type: str + mail_subject: + description: + - Subject of E-Mail. + type: str + confidence: + description: + - The confidence level the indicator has that a real threat has been uncovered. + type: str + choices: ['low', 'medium', 'high', 'critical'] + product: + description: + - The software blade that processes the observable, AV - AntiVirus, AB - AntiBot. + type: str + choices: ['AV', 'AB'] + severity: + description: + - The severity level of the threat. + type: str + choices: ['low', 'medium', 'high', 'critical'] + comments: + description: + - Comments string. + type: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + observables_raw_data: + description: + - The contents of a file containing the indicator's observables. + type: str + action: + description: + - The indicator's action. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + profile_overrides: + description: + - Profiles in which to override the indicator's default action. + type: list + suboptions: + action: + description: + - The indicator's action in this profile. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + profile: + description: + - The profile in which to override the indicator's action. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-indicator + cp_mgmt_threat_indicator: + action: ask + ignore_warnings: true + name: My_Indicator + observables: + - confidence: medium + mail_to: someone@somewhere.com + name: My_Observable + product: AV + severity: low + profile_overrides: + - action: detect + profile: My_Profile + state: present + +- name: set-threat-indicator + cp_mgmt_threat_indicator: + action: prevent + ignore_warnings: true + name: My_Indicator + state: present + +- name: delete-threat-indicator + cp_mgmt_threat_indicator: + name: My_Indicator + state: absent +""" + +RETURN = """ +cp_mgmt_threat_indicator: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + observables=dict(type='list', options=dict( + name=dict(type='str'), + md5=dict(type='str'), + url=dict(type='str'), + ip_address=dict(type='str'), + ip_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + domain=dict(type='str'), + mail_to=dict(type='str'), + mail_from=dict(type='str'), + mail_cc=dict(type='str'), + mail_reply_to=dict(type='str'), + mail_subject=dict(type='str'), + confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']), + product=dict(type='str', choices=['AV', 'AB']), + severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']), + comments=dict(type='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + observables_raw_data=dict(type='str'), + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + profile_overrides=dict(type='list', options=dict( + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + profile=dict(type='str') + )), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-indicator' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py new file mode 100644 index 00000000..7e220714 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py @@ -0,0 +1,123 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_indicator_facts +short_description: Get threat-indicator objects facts on Check Point over Web Services API +description: + - Get threat-indicator objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-indicator + cp_mgmt_threat_indicator_facts: + name: My_Indicator + +- name: show-threat-indicators + cp_mgmt_threat_indicator_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "threat-indicator" + api_call_object_plural_version = "threat-indicators" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py new file mode 100644 index 00000000..8d2dfd50 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py @@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_layer +short_description: Manages threat-layer objects on Check Point over Web Services API +description: + - Manages threat-layer objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + add_default_rule: + description: + - Indicates whether to include a default rule in the new layer. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-layer + cp_mgmt_threat_layer: + name: New Layer 1 + state: present + +- name: delete-threat-layer + cp_mgmt_threat_layer: + name: New Layer 2 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_layer: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + add_default_rule=dict(type='bool'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-layer' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py new file mode 100644 index 00000000..56845031 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_layer_facts +short_description: Get threat-layer objects facts on Check Point over Web Services API +description: + - Get threat-layer objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-layer + cp_mgmt_threat_layer_facts: + name: New Layer 1 + +- name: show-threat-layers + cp_mgmt_threat_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "threat-layer" + api_call_object_plural_version = "threat-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py new file mode 100644 index 00000000..300ad2c1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py @@ -0,0 +1,400 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_profile +short_description: Manages threat-profile objects on Check Point over Web Services API +description: + - Manages threat-profile objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + active_protections_performance_impact: + description: + - Protections with this performance impact only will be activated in the profile. + type: str + choices: ['high', 'medium', 'low', 'very_low'] + active_protections_severity: + description: + - Protections with this severity only will be activated in the profile. + type: str + choices: ['Critical', 'High', 'Medium or above', 'Low or above'] + confidence_level_high: + description: + - Action for protections with high confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + confidence_level_low: + description: + - Action for protections with low confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + confidence_level_medium: + description: + - Action for protections with medium confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + indicator_overrides: + description: + - Indicators whose action will be overridden in this profile. + type: list + suboptions: + action: + description: + - The indicator's action in this profile. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + indicator: + description: + - The indicator whose action is to be overridden. + type: str + ips_settings: + description: + - IPS blade settings. + type: dict + suboptions: + exclude_protection_with_performance_impact: + description: + - Whether to exclude protections depending on their level of performance impact. + type: bool + exclude_protection_with_performance_impact_mode: + description: + - Exclude protections with this level of performance impact. + type: str + choices: ['very low', 'low or lower', 'medium or lower', 'high or lower'] + exclude_protection_with_severity: + description: + - Whether to exclude protections depending on their level of severity. + type: bool + exclude_protection_with_severity_mode: + description: + - Exclude protections with this level of severity. + type: str + choices: ['low or above', 'medium or above', 'high or above', 'critical'] + newly_updated_protections: + description: + - Activation of newly updated protections. + type: str + choices: ['active', 'inactive', 'staging'] + malicious_mail_policy_settings: + description: + - Malicious Mail Policy for MTA Gateways. + type: dict + suboptions: + add_customized_text_to_email_body: + description: + - Add customized text to the malicious email body. + type: bool + add_email_subject_prefix: + description: + - Add a prefix to the malicious email subject. + type: bool + add_x_header_to_email: + description: + - Add an X-Header to the malicious email. + type: bool + email_action: + description: + - Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and + links, add x-header, etc...). + type: str + choices: ['allow', 'block'] + email_body_customized_text: + description: + - Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict. + type: str + email_subject_prefix_text: + description: + - Prefix for the malicious email subject. + type: str + failed_to_scan_attachments_text: + description: + - Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file + name.<br> $md5$ - MD5 of the malicious file. + type: str + malicious_attachments_text: + description: + - Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - + MD5 of the malicious file. + type: str + malicious_links_text: + description: + - Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link. + type: str + remove_attachments_and_links: + description: + - Remove attachments and links from the malicious email. + type: bool + send_copy: + description: + - Send a copy of the malicious email to the recipient list. + type: bool + send_copy_list: + description: + - Recipient list to send a copy of the malicious email. + type: list + overrides: + description: + - Overrides per profile for this protection. + type: list + suboptions: + action: + description: + - Protection action. + type: str + choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept'] + protection: + description: + - IPS protection identified by name or UID. + type: str + capture_packets: + description: + - Capture packets. + type: bool + track: + description: + - Tracking method for protection. + type: str + choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'] + tags: + description: + - Collection of tag identifiers. + type: list + use_indicators: + description: + - Indicates whether the profile should make use of indicators. + type: bool + anti_bot: + description: + - Is Anti-Bot blade activated. + type: bool + anti_virus: + description: + - Is Anti-Virus blade activated. + type: bool + ips: + description: + - Is IPS blade activated. + type: bool + threat_emulation: + description: + - Is Threat Emulation blade activated. + type: bool + activate_protections_by_extended_attributes: + description: + - Activate protections by these extended attributes. + type: list + suboptions: + name: + description: + - IPS tag name. + type: str + category: + description: + - IPS tag category name. + type: str + deactivate_protections_by_extended_attributes: + description: + - Deactivate protections by these extended attributes. + type: list + suboptions: + name: + description: + - IPS tag name. + type: str + category: + description: + - IPS tag category name. + type: str + use_extended_attributes: + description: + - Whether to activate/deactivate IPS protections according to the extended attributes. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-profile + cp_mgmt_threat_profile: + active_protections_performance_impact: low + active_protections_severity: low or above + anti_bot: true + anti_virus: true + confidence_level_high: prevent + confidence_level_medium: prevent + ips: true + ips_settings: + exclude_protection_with_performance_impact: true + exclude_protection_with_performance_impact_mode: high or lower + newly_updated_protections: staging + name: New Profile 1 + state: present + threat_emulation: true + +- name: set-threat-profile + cp_mgmt_threat_profile: + active_protections_performance_impact: low + active_protections_severity: low or above + anti_bot: true + anti_virus: false + comments: update recommended profile + confidence_level_high: prevent + confidence_level_low: prevent + confidence_level_medium: prevent + ips: false + ips_settings: + exclude_protection_with_performance_impact: true + exclude_protection_with_performance_impact_mode: high or lower + newly_updated_protections: active + name: New Profile 1 + state: present + threat_emulation: true + +- name: delete-threat-profile + cp_mgmt_threat_profile: + name: New Profile 1 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']), + active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']), + confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + indicator_overrides=dict(type='list', options=dict( + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + indicator=dict(type='str') + )), + ips_settings=dict(type='dict', options=dict( + exclude_protection_with_performance_impact=dict(type='bool'), + exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']), + exclude_protection_with_severity=dict(type='bool'), + exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']), + newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging']) + )), + malicious_mail_policy_settings=dict(type='dict', options=dict( + add_customized_text_to_email_body=dict(type='bool'), + add_email_subject_prefix=dict(type='bool'), + add_x_header_to_email=dict(type='bool'), + email_action=dict(type='str', choices=['allow', 'block']), + email_body_customized_text=dict(type='str'), + email_subject_prefix_text=dict(type='str'), + failed_to_scan_attachments_text=dict(type='str'), + malicious_attachments_text=dict(type='str'), + malicious_links_text=dict(type='str'), + remove_attachments_and_links=dict(type='bool'), + send_copy=dict(type='bool'), + send_copy_list=dict(type='list') + )), + overrides=dict(type='list', options=dict( + action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), + protection=dict(type='str'), + capture_packets=dict(type='bool'), + track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) + )), + tags=dict(type='list'), + use_indicators=dict(type='bool'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + ips=dict(type='bool'), + threat_emulation=dict(type='bool'), + activate_protections_by_extended_attributes=dict(type='list', options=dict( + name=dict(type='str'), + category=dict(type='str') + )), + deactivate_protections_by_extended_attributes=dict(type='list', options=dict( + name=dict(type='str'), + category=dict(type='str') + )), + use_extended_attributes=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py new file mode 100644 index 00000000..adb6a3bb --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_profile_facts +short_description: Get threat-profile objects facts on Check Point over Web Services API +description: + - Get threat-profile objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-profile + cp_mgmt_threat_profile_facts: + name: Recommended_Profile + +- name: show-threat-profiles + cp_mgmt_threat_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "threat-profile" + api_call_object_plural_version = "threat-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py new file mode 100644 index 00000000..d2c1ffe3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py @@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_protection_override +short_description: Edit existing object using object name or uid. +description: + - Edit existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + comments: + description: + - Protection comments. + type: str + follow_up: + description: + - Tag the protection with pre-defined follow-up flag. + type: bool + overrides: + description: + - Overrides per profile for this protection<br> Note, Remove override for Core protections removes only the action's override. Remove override + for Threat Cloud protections removes the action, track and packet captures. + type: list + suboptions: + action: + description: + - Protection action. + type: str + choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept'] + profile: + description: + - Profile name. + type: str + capture_packets: + description: + - Capture packets. + type: bool + track: + description: + - Tracking method for protection. + type: str + choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: threat_protection_override + cp_mgmt_threat_protection_override: + name: FTP Commands + overrides: + - action: inactive + capture_packets: true + profile: New Profile 1 + track: None + state: present +""" + +RETURN = """ +cp_mgmt_threat_protection_override: + description: The checkpoint threat_protection_override output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + comments=dict(type='str'), + follow_up=dict(type='bool'), + overrides=dict(type='list', options=dict( + action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), + profile=dict(type='str'), + capture_packets=dict(type='bool'), + track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-threat-protection" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py new file mode 100644 index 00000000..5817e977 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py @@ -0,0 +1,209 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_rule +short_description: Manages threat-rule objects on Check Point over Web Services API +description: + - Manages threat-rule objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + position: + description: + - Position in the rulebase. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + name: + description: + - Object name. + type: str + required: True + action: + description: + - Action-the enforced profile. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + protected_scope: + description: + - Collection of objects defining Protected Scope identified by the name or UID. + type: list + protected_scope_negate: + description: + - True if negate is set for Protected Scope. + type: bool + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + service_negate: + description: + - True if negate is set for Service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + source_negate: + description: + - True if negate is set for source. + type: bool + track: + description: + - Packet tracking. + type: str + track_settings: + description: + - Threat rule track settings. + type: dict + suboptions: + packet_capture: + description: + - Packet capture. + type: bool + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-rule + cp_mgmt_threat_rule: + comments: '' + install_on: Policy Targets + layer: New Layer 1 + name: First threat rule + position: 1 + protected_scope: All_Internet + state: present + track: None + +- name: set-threat-rule + cp_mgmt_threat_rule: + action: New Profile 1 + comments: commnet for the first rule + install_on: Policy Targets + layer: New Layer 1 + name: Rule Name + position: 1 + protected_scope: All_Internet + state: present + +- name: delete-threat-rule + cp_mgmt_threat_rule: + layer: New Layer 1 + name: Rule Name + state: absent +""" + +RETURN = """ +cp_mgmt_threat_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + position=dict(type='str'), + layer=dict(type='str'), + name=dict(type='str', required=True), + action=dict(type='str'), + destination=dict(type='list'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + install_on=dict(type='list'), + protected_scope=dict(type='list'), + protected_scope_negate=dict(type='bool'), + service=dict(type='list'), + service_negate=dict(type='bool'), + source=dict(type='list'), + source_negate=dict(type='bool'), + track=dict(type='str'), + track_settings=dict(type='dict', options=dict( + packet_capture=dict(type='bool') + )), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-rule' + + if module.params['position'] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py new file mode 100644 index 00000000..cc62781a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py @@ -0,0 +1,209 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_rule_facts +short_description: Get threat-rule objects facts on Check Point over Web Services API +description: + - Get threat-rule objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. Should be unique in the domain. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-rule + cp_mgmt_threat_rule_facts: + layer: New Layer 1 + name: Rule Name + +- name: show-threat-rulebase + cp_mgmt_threat_rule_facts: + details_level: standard + filter: '' + limit: 20 + name: Threat Prevention + offset: 0 + use_object_dictionary: false +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "threat-rule" + api_call_object_plural_version = "threat-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py new file mode 100644 index 00000000..f522f9ce --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py @@ -0,0 +1,280 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time +short_description: Manages time objects on Check Point over Web Services API +description: + - Manages time objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + end: + description: + - End time. Note, Each gateway may interpret this time differently according to its time zone. + type: dict + suboptions: + date: + description: + - Date in format dd-MMM-yyyy. + type: str + iso_8601: + description: + - Date and time represented in international ISO 8601 format. Time zone information is ignored. + type: str + posix: + description: + - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970. + type: int + time: + description: + - Time in format HH,mm. + type: str + end_never: + description: + - End never. + type: bool + hours_ranges: + description: + - Hours recurrence. Note, Each gateway may interpret this time differently according to its time zone. + type: list + suboptions: + enabled: + description: + - Is hour range enabled. + type: bool + from: + description: + - Time in format HH,MM. + type: str + index: + description: + - Hour range index. + type: int + to: + description: + - Time in format HH,MM. + type: str + start: + description: + - Starting time. Note, Each gateway may interpret this time differently according to its time zone. + type: dict + suboptions: + date: + description: + - Date in format dd-MMM-yyyy. + type: str + iso_8601: + description: + - Date and time represented in international ISO 8601 format. Time zone information is ignored. + type: str + posix: + description: + - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970. + type: int + time: + description: + - Time in format HH,mm. + type: str + start_now: + description: + - Start immediately. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + recurrence: + description: + - Days recurrence. + type: dict + suboptions: + days: + description: + - Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"]. + type: list + month: + description: + - Valid on month. Example, "1", "2","12","Any". + type: str + pattern: + description: + - Valid on "Daily", "Weekly", "Monthly" base. + type: str + weekdays: + description: + - Valid on weekdays. Example, "Sun", "Mon"..."Sat". + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-time + cp_mgmt_time: + end: + date: 24-Nov-2014 + time: '21:22' + end_never: 'false' + hours_ranges: + - enabled: true + from: 00:00 + index: 1 + to: 00:00 + - enabled: false + from: 00:00 + index: 2 + to: 00:00 + name: timeObject1 + recurrence: + days: + - '1' + month: Any + pattern: Daily + weekdays: + - Sun + - Mon + start_now: 'true' + state: present + +- name: set-time + cp_mgmt_time: + hours_ranges: + - from: 00:22 + to: 00:33 + name: timeObject1 + recurrence: + month: Any + pattern: Weekly + weekdays: + - Fri + state: present + +- name: delete-time + cp_mgmt_time: + name: timeObject1 + state: absent +""" + +RETURN = """ +cp_mgmt_time: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + end=dict(type='dict', options=dict( + date=dict(type='str'), + iso_8601=dict(type='str'), + posix=dict(type='int'), + time=dict(type='str') + )), + end_never=dict(type='bool'), + hours_ranges=dict(type='list', options=dict( + enabled=dict(type='bool'), + index=dict(type='int'), + to=dict(type='str') + )), + start=dict(type='dict', options=dict( + date=dict(type='str'), + iso_8601=dict(type='str'), + posix=dict(type='int'), + time=dict(type='str') + )), + start_now=dict(type='bool'), + tags=dict(type='list'), + recurrence=dict(type='dict', options=dict( + days=dict(type='list'), + month=dict(type='str'), + pattern=dict(type='str'), + weekdays=dict(type='list') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['hours_ranges']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'time' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py new file mode 100644 index 00000000..f33d44f2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time_facts +short_description: Get time objects facts on Check Point over Web Services API +description: + - Get time objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-time + cp_mgmt_time_facts: + name: timeObject1 + +- name: show-times + cp_mgmt_time_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "time" + api_call_object_plural_version = "times" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py new file mode 100644 index 00000000..1d354656 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py @@ -0,0 +1,105 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_uninstall_software_package +short_description: Uninstalls the software package from target machines. +description: + - Uninstalls the software package from target machines. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + cluster_installation_settings: + description: + - Installation settings for cluster. + type: dict + suboptions: + cluster_delay: + description: + - The delay between end of installation on one cluster members and start of installation on the next cluster member. + type: int + cluster_strategy: + description: + - The cluster installation strategy. + type: str + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: uninstall-software-package + cp_mgmt_uninstall_software_package: + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_uninstall_software_package: + description: The checkpoint uninstall-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list'), + cluster_installation_settings=dict(type='dict', options=dict( + cluster_delay=dict(type='int'), + cluster_strategy=dict(type='str') + )), + concurrency_limit=dict(type='int') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "uninstall-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py new file mode 100644 index 00000000..8defc3f1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py @@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_verify_policy +short_description: Verifies the policy of the selected package. +description: + - Verifies the policy of the selected package. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + policy_package: + description: + - Policy package identified by the name or UID. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: verify-policy + cp_mgmt_verify_policy: + policy_package: standard +""" + +RETURN = """ +cp_mgmt_verify_policy: + description: The checkpoint verify-policy output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + policy_package=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "verify-policy" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py new file mode 100644 index 00000000..d34ec5ac --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py @@ -0,0 +1,103 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_verify_software_package +short_description: Verifies the software package on target machines. +description: + - Verifies the software package on target machines. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int + download_package: + description: + - NOTE, Supported from Check Point version R81 + - Should the package be downloaded before verification. + type: bool + download_package_from: + description: + - NOTE, Supported from Check Point version R81 + - Where is the package located. + type: str + choices: ['automatic', 'central', 'target-machine'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: verify-software-package + cp_mgmt_verify_software_package: + download_package: 'true' + download_package_from: target-machine + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_verify_software_package: + description: The checkpoint verify-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list'), + concurrency_limit=dict(type='int'), + download_package=dict(type='bool'), + download_package_from=dict(type='str', choices=['automatic', 'central', 'target-machine']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "verify-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py new file mode 100644 index 00000000..a88be8af --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py @@ -0,0 +1,229 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_meshed +short_description: Manages vpn-community-meshed objects on Check Point over Web Services API +description: + - Manages vpn-community-meshed objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + encryption_method: + description: + - The encryption method to be used. + type: str + choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only'] + encryption_suite: + description: + - The encryption suite to be used. + type: str + choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128'] + gateways: + description: + - Collection of Gateway objects identified by the name or UID. + type: list + ike_phase_1: + description: + - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + diffie_hellman_group: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-256', 'des', 'aes-128', '3des'] + ike_phase_2: + description: + - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'] + shared_secrets: + description: + - Shared secrets for external gateways. + type: list + suboptions: + external_gateway: + description: + - External gateway identified by the name or UID. + type: str + shared_secret: + description: + - Shared secret. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + use_shared_secret: + description: + - Indicates whether the shared secret should be used for all external gateways. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-vpn-community-meshed + cp_mgmt_vpn_community_meshed: + encryption_method: prefer ikev2 but support ikev1 + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Meshed_1 + state: present + +- name: set-vpn-community-meshed + cp_mgmt_vpn_community_meshed: + encryption_method: ikev2 only + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Meshed_1 + state: present + +- name: delete-vpn-community-meshed + cp_mgmt_vpn_community_meshed: + name: New_VPN_Community_Meshed_1 + state: absent +""" + +RETURN = """ +cp_mgmt_vpn_community_meshed: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']), + encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), + gateways=dict(type='list'), + ike_phase_1=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']) + )), + ike_phase_2=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', + 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']) + )), + shared_secrets=dict(type='list', options=dict( + external_gateway=dict(type='str'), + shared_secret=dict(type='str') + )), + tags=dict(type='list'), + use_shared_secret=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'vpn-community-meshed' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py new file mode 100644 index 00000000..014132a0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_meshed_facts +short_description: Get vpn-community-meshed objects facts on Check Point over Web Services API +description: + - Get vpn-community-meshed objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-vpn-community-meshed + cp_mgmt_vpn_community_meshed_facts: + name: New_VPN_Community_Meshed_1 + +- name: show-vpn-communities-meshed + cp_mgmt_vpn_community_meshed_facts: + details_level: full + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "vpn-community-meshed" + api_call_object_plural_version = "vpn-communities-meshed" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py new file mode 100644 index 00000000..3ec9a20a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py @@ -0,0 +1,240 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_star +short_description: Manages vpn-community-star objects on Check Point over Web Services API +description: + - Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + center_gateways: + description: + - Collection of Gateway objects representing center gateways identified by the name or UID. + type: list + encryption_method: + description: + - The encryption method to be used. + type: str + choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only'] + encryption_suite: + description: + - The encryption suite to be used. + type: str + choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128'] + ike_phase_1: + description: + - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + diffie_hellman_group: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-256', 'des', 'aes-128', '3des'] + ike_phase_2: + description: + - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5'] + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'] + mesh_center_gateways: + description: + - Indicates whether the meshed community is in center. + type: bool + satellite_gateways: + description: + - Collection of Gateway objects representing satellite gateways identified by the name or UID. + type: list + shared_secrets: + description: + - Shared secrets for external gateways. + type: list + suboptions: + external_gateway: + description: + - External gateway identified by the name or UID. + type: str + shared_secret: + description: + - Shared secret. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + use_shared_secret: + description: + - Indicates whether the shared secret should be used for all external gateways. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-vpn-community-star + cp_mgmt_vpn_community_star: + center_gateways: Second_Security_Gateway + encryption_method: prefer ikev2 but support ikev1 + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Star_1 + state: present + +- name: set-vpn-community-star + cp_mgmt_vpn_community_star: + encryption_method: ikev2 only + encryption_suite: custom + ike_phase_1: + data_integrity: sha1 + diffie_hellman_group: group 19 + encryption_algorithm: aes-128 + ike_phase_2: + data_integrity: aes-xcbc + encryption_algorithm: aes-gcm-128 + name: New_VPN_Community_Star_1 + state: present + +- name: delete-vpn-community-star + cp_mgmt_vpn_community_star: + name: New_VPN_Community_Star_1 + state: absent +""" + +RETURN = """ +cp_mgmt_vpn_community_star: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + center_gateways=dict(type='list'), + encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']), + encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), + ike_phase_1=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']) + )), + ike_phase_2=dict(type='dict', options=dict( + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), + encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', + 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']) + )), + mesh_center_gateways=dict(type='bool'), + satellite_gateways=dict(type='list'), + shared_secrets=dict(type='list', options=dict( + external_gateway=dict(type='str'), + shared_secret=dict(type='str') + )), + tags=dict(type='list'), + use_shared_secret=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'vpn-community-star' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py new file mode 100644 index 00000000..816dd583 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_star_facts +short_description: Get vpn-community-star objects facts on Check Point over Web Services API +description: + - Get vpn-community-star objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-vpn-community-star + cp_mgmt_vpn_community_star_facts: + name: New_VPN_Community_Meshed_1 + +- name: show-vpn-communities-star + cp_mgmt_vpn_community_star_facts: + details_level: full + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "vpn-community-star" + api_call_object_plural_version = "vpn-communities-star" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py new file mode 100644 index 00000000..bc554d13 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py @@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_wildcard +short_description: Manages wildcard objects on Check Point over Web Services API +description: + - Manages wildcard objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ipv4_address: + description: + - IPv4 address. + type: str + ipv4_mask_wildcard: + description: + - IPv4 mask wildcard. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + ipv6_mask_wildcard: + description: + - IPv6 mask wildcard. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-wildcard + cp_mgmt_wildcard: + ipv4_address: 192.168.2.1 + ipv4_mask_wildcard: 0.0.0.128 + name: New Wildcard 1 + state: present + +- name: set-wildcard + cp_mgmt_wildcard: + color: green + ipv6_address: 2001:db8::1111 + ipv6_mask_wildcard: ffff:ffff::f0f0 + name: New Wildcard 1 + state: present + +- name: delete-wildcard + cp_mgmt_wildcard: + name: New Wildcard 1 + state: absent +""" + +RETURN = """ +cp_mgmt_wildcard: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ipv4_address=dict(type='str'), + ipv4_mask_wildcard=dict(type='str'), + ipv6_address=dict(type='str'), + ipv6_mask_wildcard=dict(type='str'), + tags=dict(type='list'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'wildcard' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py new file mode 100644 index 00000000..0e620d78 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py @@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_wildcard_facts +short_description: Get wildcard objects facts on Check Point over Web Services API +description: + - Get wildcard objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.9" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-wildcard + cp_mgmt_wildcard_facts: + name: New Wildcard 1 + +- name: show-wildcards + cp_mgmt_wildcard_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec) + + api_call_object = "wildcard" + api_call_object_plural_version = "wildcards" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_access_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_access_rule.py new file mode 100644 index 00000000..e5f70bdb --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_access_rule.py @@ -0,0 +1,107 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_access_rule + +OBJECT = {'layer': 'foo', 'position': 'bar', 'name': 'baz', + 'source': [{'name': 'lol'}], 'destination': [{'name': 'Any'}], + 'action': {'name': 'drop'}, 'enabled': True} +PAYLOAD = {'layer': 'foo', 'position': 'bar', 'name': 'baz'} + + +class TestCheckpointAccessRule(object): + module = _checkpoint_access_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_access_rule_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.get_access_rule') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + + @pytest.fixture + def get_access_rule_404(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.get_access_rule') + mock_function.return_value = (404, 'Object not found') + return mock_function.return_value + + def test_create(self, get_access_rule_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert 'checkpoint_access_rules' in result + + def test_create_idempotent(self, get_access_rule_200, connection_mock): + connection_mock.send_request.return_value = (200, PAYLOAD) + result = self._run_module(PAYLOAD) + + assert not result['changed'] + + def test_update(self, get_access_rule_200, connection_mock): + payload_for_update = {'enabled': False} + payload_for_update.update(PAYLOAD) + connection_mock.send_request.return_value = (200, payload_for_update) + result = self._run_module(payload_for_update) + + assert result['changed'] + assert not result['checkpoint_access_rules']['enabled'] + + def test_delete(self, get_access_rule_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + payload_for_delete = {'state': 'absent'} + payload_for_delete.update(PAYLOAD) + result = self._run_module(payload_for_delete) + + assert result['changed'] + + def test_delete_idempotent(self, get_access_rule_404, connection_mock): + payload = {'name': 'baz', 'state': 'absent'} + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(payload) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_host.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_host.py new file mode 100644 index 00000000..b5720c5d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_host.py @@ -0,0 +1,101 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_host + +OBJECT = {'name': 'foo', 'ipv4-address': '192.168.0.15'} +CREATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.15'} +UPDATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.16'} +DELETE_PAYLOAD = {'name': 'foo', 'state': 'absent'} + + +class TestCheckpointHost(object): + module = _checkpoint_host + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_host_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + + @pytest.fixture + def get_host_404(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (404, 'Object not found') + return mock_function.return_value + + def test_create(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert 'checkpoint_hosts' in result + + def test_create_idempotent(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + + def test_delete(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_session.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_session.py new file mode 100644 index 00000000..f0ca8358 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_session.py @@ -0,0 +1,69 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_session + +OBJECT = {'uid': '1234'} +PAYLOAD = {} + + +class TestCheckpointAccessRule(object): + module = _checkpoint_session + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_session.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_session_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_session.get_session') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + + def test_publish(self, get_session_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert 'checkpoint_session' in result + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_task_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_task_facts.py new file mode 100644 index 00000000..b5720c5d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_task_facts.py @@ -0,0 +1,101 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_host + +OBJECT = {'name': 'foo', 'ipv4-address': '192.168.0.15'} +CREATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.15'} +UPDATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.16'} +DELETE_PAYLOAD = {'name': 'foo', 'state': 'absent'} + + +class TestCheckpointHost(object): + module = _checkpoint_host + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_host_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + + @pytest.fixture + def get_host_404(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (404, 'Object not found') + return mock_function.return_value + + def test_create(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert 'checkpoint_hosts' in result + + def test_create_idempotent(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + + def test_delete(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer.py new file mode 100644 index 00000000..7dc292f7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer.py @@ -0,0 +1,110 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_layer + +OBJECT = { + "name": "New Layer 1" +} + +CREATE_PAYLOAD = { + "name": "New Layer 1" +} + +UPDATE_PAYLOAD = { + "name": "New Layer 1", + "applications_and_url_filtering": False +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Layer 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_layer.api_call' +api_call_object = 'access-layer' + + +class TestCheckpointAccessLayer(object): + module = cp_mgmt_access_layer + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer_facts.py new file mode 100644 index 00000000..e7a4d5f1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_layer_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'access-layer' +api_call_object_plural_version = 'access-layers' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAccessLayerFacts(object): + module = cp_mgmt_access_layer_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role.py new file mode 100644 index 00000000..ad5194b1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role.py @@ -0,0 +1,119 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_role + +OBJECT = { + "name": "New Access Role 1", + "networks": "any", + "users": "any", + "machines": "all identified", + "remote_access_clients": "any" +} + +CREATE_PAYLOAD = { + "name": "New Access Role 1", + "networks": "any", + "users": "any", + "machines": "all identified", + "remote_access_clients": "any" +} + +UPDATE_PAYLOAD = { + "name": "New Access Role 1", + "users": "all identified", + "machines": "any" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Access Role 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_role.api_call' +api_call_object = 'access-role' + + +class TestCheckpointAccessRole(object): + module = cp_mgmt_access_role + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role_facts.py new file mode 100644 index 00000000..55416777 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_role_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'access-role' +api_call_object_plural_version = 'access-roles' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAccessRoleFacts(object): + module = cp_mgmt_access_role_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule.py new file mode 100644 index 00000000..b0163d70 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule.py @@ -0,0 +1,124 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_rule + +OBJECT = { + "layer": "Network", + "name": "Rule 1", + "service": [ + "SMTP", + "AOL" + ] +} + +CREATE_PAYLOAD = { + "layer": "Network", + "name": "Rule 1", + "service": [ + "SMTP", + "AOL" + ] +} + +UPDATE_PAYLOAD = { + "name": "Rule 1", + "layer": "Network", + "action_settings": { + "limit": "Upload_1Gbps", + "enable_identity_captive_portal": True + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Rule 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_rule.api_call' +api_call_object = 'access-rule' + + +class TestCheckpointAccessRule(object): + module = cp_mgmt_access_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule_facts.py new file mode 100644 index 00000000..87f532c4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_rule_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'access-rule' +api_call_object_plural_version = 'access-rulebase' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAccessRuleFacts(object): + module = cp_mgmt_access_rule_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_section.py new file mode 100644 index 00000000..1adc7d5e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_section.py @@ -0,0 +1,114 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_section + +OBJECT = { + "layer": "Network", + "position": 1, + "name": "New Section 1" +} + +CREATE_PAYLOAD = { + "layer": "Network", + "position": 1, + "name": "New Section 1" +} + +UPDATE_PAYLOAD = { + "layer": "Network", + "name": "New Section 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Section 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_section.api_call' +api_call_object = 'access-section' + + +class TestCheckpointAccessSection(object): + module = cp_mgmt_access_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_api_key.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_api_key.py new file mode 100644 index 00000000..a3977c56 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_api_key.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_api_key + +PAYLOAD = { + "admin_name": "admin", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'add-api-key' +failure_msg = '{command failed}' + + +class TestCheckpointAddApiKey(object): + module = cp_mgmt_add_api_key + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_data_center_object.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_data_center_object.py new file mode 100644 index 00000000..63e65675 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_data_center_object.py @@ -0,0 +1,73 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_data_center_object + +PAYLOAD = { + "uri": "/Datacenters/VMs/My VM1", + "name": "VM1 mgmt name", + "data_center_name": "vCenter 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'add-data-center-object' +failure_msg = '{command failed}' + + +class TestCheckpointAddDataCenterObject(object): + module = cp_mgmt_add_data_center_object + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_nat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_nat_rule.py new file mode 100644 index 00000000..dc5dbbf8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_nat_rule.py @@ -0,0 +1,79 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_nat_rule + +PAYLOAD = { + "package": "standard", + "position": 1, + "comments": "comment example1 nat999", + "enabled": False, + "install_on": [ + "Policy Targets" + ], + "original_source": "Any", + "original_destination": "All_Internet", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'add-nat-rule' +failure_msg = '{command failed}' + + +class TestCheckpointAddNatRule(object): + module = cp_mgmt_add_nat_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range.py new file mode 100644 index 00000000..42f494e0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range.py @@ -0,0 +1,116 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_address_range + +OBJECT = { + "name": "New Address Range 1", + "ip_address_first": "192.0.2.1", + "ip_address_last": "192.0.2.10" +} + +CREATE_PAYLOAD = { + "name": "New Address Range 1", + "ip_address_first": "192.0.2.1", + "ip_address_last": "192.0.2.10" +} + +UPDATE_PAYLOAD = { + "name": "New Address Range 1", + "color": "blue", + "ip_address_first": "192.0.2.1", + "ip_address_last": "192.0.2.1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Address Range 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_address_range.api_call' +api_call_object = 'address-range' + + +class TestCheckpointAddressRange(object): + module = cp_mgmt_address_range + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range_facts.py new file mode 100644 index 00000000..9f8da537 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_address_range_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'address-range' +api_call_object_plural_version = 'address-ranges' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAddressRangeFacts(object): + module = cp_mgmt_address_range_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator.py new file mode 100644 index 00000000..1c1b2714 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator.py @@ -0,0 +1,123 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_administrator + +OBJECT = { + "name": "admin", + "password": "secret", + "email": "admin@gmail.com", + "must_change_password": False, + "phone_number": "1800-800-800", + "authentication_method": "undefined", + "permissions_profile": "read write all" +} + +CREATE_PAYLOAD = { + "name": "admin", + "password": "secret", + "email": "admin@gmail.com", + "must_change_password": False, + "phone_number": "1800-800-800", + "authentication_method": "undefined", + "permissions_profile": "read write all" +} + +UPDATE_PAYLOAD = { + "name": "admin", + "password": "bew secret", + "permissions_profile": "read only profile" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "admin", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_administrator.api_call' +api_call_object = 'administrator' + + +class TestCheckpointAdministrator(object): + module = cp_mgmt_administrator + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator_facts.py new file mode 100644 index 00000000..157e2373 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_administrator_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'administrator' +api_call_object_plural_version = 'administrators' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAdministratorFacts(object): + module = cp_mgmt_administrator_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site.py new file mode 100644 index 00000000..7ddf93a2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site.py @@ -0,0 +1,136 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site + +OBJECT = { + "name": "New Application Site 1", + "description": "My Application Site", + "primary_category": "Social Networking", + "additional_categories": [ + "Instant Chat", + "Supports Streaming", + "New Application Site Category 1" + ], + "url_list": [ + "www.cnet.com", + "www.stackoverflow.com" + ], + "urls_defined_as_regular_expression": False +} + +CREATE_PAYLOAD = { + "name": "New Application Site 1", + "description": "My Application Site", + "primary_category": "Social Networking", + "additional_categories": [ + "Instant Chat", + "Supports Streaming", + "New Application Site Category 1" + ], + "url_list": [ + "www.cnet.com", + "www.stackoverflow.com" + ], + "urls_defined_as_regular_expression": False +} + +UPDATE_PAYLOAD = { + "name": "New Application Site 1", + "description": "My New Application Site", + "primary_category": "Instant Chat", + "urls_defined_as_regular_expression": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Application Site 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_application_site.api_call' +api_call_object = 'application-site' + + +class TestCheckpointApplicationSite(object): + module = cp_mgmt_application_site + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category.py new file mode 100644 index 00000000..787e2107 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category.py @@ -0,0 +1,112 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_category + +OBJECT = { + "name": "New Application Site Category 1", + "description": "My Application Site category" +} + +CREATE_PAYLOAD = { + "name": "New Application Site Category 1", + "description": "My Application Site category" +} + +UPDATE_PAYLOAD = { + "name": "New Application Site Category 1", + "description": "My new Application Site category" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Application Site Category 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_application_site_category.api_call' +api_call_object = 'application-site-category' + + +class TestCheckpointApplicationSiteCategory(object): + module = cp_mgmt_application_site_category + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category_facts.py new file mode 100644 index 00000000..a46f05fe --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_category_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'application-site-category' +api_call_object_plural_version = 'application-site-categories' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointApplicationSiteCategoryFacts(object): + module = cp_mgmt_application_site_category_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_facts.py new file mode 100644 index 00000000..05f9fcfa --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'application-site' +api_call_object_plural_version = 'application-sites' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointApplicationSiteFacts(object): + module = cp_mgmt_application_site_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group.py new file mode 100644 index 00000000..25c71bb0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group.py @@ -0,0 +1,121 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_group + +OBJECT = { + "name": "New Application Site Group 1", + "members": [ + "facebook", + "Social Networking", + "New Application Site 1", + "New Application Site Category 1" + ] +} + +CREATE_PAYLOAD = { + "name": "New Application Site Group 1", + "members": [ + "facebook", + "Social Networking", + "New Application Site 1", + "New Application Site Category 1" + ] +} + +UPDATE_PAYLOAD = { + "name": "New Application Site Group 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Application Site Group 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_application_site_group.api_call' +api_call_object = 'application-site-group' + + +class TestCheckpointApplicationSiteGroup(object): + module = cp_mgmt_application_site_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group_facts.py new file mode 100644 index 00000000..acc88017 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'application-site-group' +api_call_object_plural_version = 'application-site-groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointApplicationSiteGroupFacts(object): + module = cp_mgmt_application_site_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_assign_global_assignment.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_assign_global_assignment.py new file mode 100644 index 00000000..59b9245e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_assign_global_assignment.py @@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_assign_global_assignment + +PAYLOAD = { + "global_domains": "Global2", + "dependent_domains": "domain1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'assign-global-assignment' +failure_msg = '{command failed}' + + +class TestCheckpointAssignGlobalAssignment(object): + module = cp_mgmt_assign_global_assignment + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_data_center_object_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_data_center_object_facts.py new file mode 100644 index 00000000..4a5ac2ec --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_data_center_object_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_data_center_object_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'data-center-object' +api_call_object_plural_version = 'data-center-objects' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointDataCenterObjectFacts(object): + module = cp_mgmt_data_center_object_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_api_key.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_api_key.py new file mode 100644 index 00000000..3fe6f254 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_api_key.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_api_key + +PAYLOAD = { + "api_key": "eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'delete-api-key' +failure_msg = '{command failed}' + + +class TestCheckpointDeleteApiKey(object): + module = cp_mgmt_delete_api_key + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_data_center_object.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_data_center_object.py new file mode 100644 index 00000000..19230772 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_data_center_object.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_data_center_object + +PAYLOAD = { + "name": "VM1 mgmt name", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'delete-data-center-object' +failure_msg = '{command failed}' + + +class TestCheckpointDeleteDataCenterObject(object): + module = cp_mgmt_delete_data_center_object + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_nat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_nat_rule.py new file mode 100644 index 00000000..9fbfae56 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_nat_rule.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_nat_rule + +PAYLOAD = { + "package": "standard", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'delete-nat-rule' +failure_msg = '{command failed}' + + +class TestCheckpointDeleteNatRule(object): + module = cp_mgmt_delete_nat_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_discard.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_discard.py new file mode 100644 index 00000000..052b482e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_discard.py @@ -0,0 +1,70 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_discard + +PAYLOAD = { + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'discard' +failure_msg = '{command failed}' + + +class TestCheckpointDiscard(object): + module = cp_mgmt_discard + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain.py new file mode 100644 index 00000000..09b03155 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain.py @@ -0,0 +1,112 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dns_domain + +OBJECT = { + "name": ".www.example.com", + "is_sub_domain": False +} + +CREATE_PAYLOAD = { + "name": ".www.example.com", + "is_sub_domain": False +} + +UPDATE_PAYLOAD = { + "name": ".www.example.com", + "is_sub_domain": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": ".www.example.com", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_dns_domain.api_call' +api_call_object = 'dns-domain' + + +class TestCheckpointDnsDomain(object): + module = cp_mgmt_dns_domain + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain_facts.py new file mode 100644 index 00000000..3cfbe62b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dns_domain_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'dns-domain' +api_call_object_plural_version = 'dns-domains' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointDnsDomainFacts(object): + module = cp_mgmt_dns_domain_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object.py new file mode 100644 index 00000000..f168d60d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object.py @@ -0,0 +1,113 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dynamic_object + +OBJECT = { + "name": "Dynamic_Object_1", + "comments": "My Dynamic Object 1", + "color": "yellow" +} + +CREATE_PAYLOAD = { + "name": "Dynamic_Object_1", + "comments": "My Dynamic Object 1", + "color": "yellow" +} + +UPDATE_PAYLOAD = { + "name": "Dynamic_Object_1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Dynamic_Object_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_dynamic_object.api_call' +api_call_object = 'dynamic-object' + + +class TestCheckpointDynamicObject(object): + module = cp_mgmt_dynamic_object + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object_facts.py new file mode 100644 index 00000000..add11efd --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dynamic_object_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'dynamic-object' +api_call_object_plural_version = 'dynamic-objects' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointDynamicObjectFacts(object): + module = cp_mgmt_dynamic_object_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group.py new file mode 100644 index 00000000..7fa127fd --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group.py @@ -0,0 +1,113 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_exception_group + +OBJECT = { + "name": "exception_group_2", + "apply_on": "manually-select-threat-rules" +} + +CREATE_PAYLOAD = { + "name": "exception_group_2", + "apply_on": "manually-select-threat-rules" +} + +UPDATE_PAYLOAD = { + "name": "exception_group_2", + "tags": "tag3", + "apply_on": "all-threat-rules" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "exception_group_2", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_exception_group.api_call' +api_call_object = 'exception-group' + + +class TestCheckpointExceptionGroup(object): + module = cp_mgmt_exception_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group_facts.py new file mode 100644 index 00000000..dc3a56ba --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_exception_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'exception-group' +api_call_object_plural_version = 'exception-groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointExceptionGroupFacts(object): + module = cp_mgmt_exception_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment.py new file mode 100644 index 00000000..633059c8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment.py @@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_global_assignment + +OBJECT = { + "global_domain": "Global", + "dependent_domain": "domain2", + "global_access_policy": "standard", + "global_threat_prevention_policy": "standard", + "manage_protection_actions": True +} + +CREATE_PAYLOAD = { + "global_domain": "Global", + "dependent_domain": "domain2", + "global_access_policy": "standard", + "global_threat_prevention_policy": "standard", + "manage_protection_actions": True +} + +UPDATE_PAYLOAD = { + "global_domain": "Global2", + "dependent_domain": "domain1", + "global_threat_prevention_policy": "", + "manage_protection_actions": False +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = {} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_global_assignment.api_call' +api_call_object = 'global-assignment' + + +class TestCheckpointGlobalAssignment(object): + module = cp_mgmt_global_assignment + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment_facts.py new file mode 100644 index 00000000..a997ab8d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment_facts.py @@ -0,0 +1,80 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_global_assignment_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = {} + +api_call_object = 'global-assignment' +api_call_object_plural_version = 'global-assignments' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointGlobalAssignmentFacts(object): + module = cp_mgmt_global_assignment_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group.py new file mode 100644 index 00000000..07af4db9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group.py @@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group + +OBJECT = { + "name": "New Group 5", + "members": [ + "New Host 1", + "My Test Host 3" + ] +} + +CREATE_PAYLOAD = { + "name": "New Group 5", + "members": [ + "New Host 1", + "My Test Host 3" + ] +} + +UPDATE_PAYLOAD = { + "name": "New Group 5" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Group 5", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_group.api_call' +api_call_object = 'group' + + +class TestCheckpointGroup(object): + module = cp_mgmt_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_facts.py new file mode 100644 index 00000000..e85b6b74 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'group' +api_call_object_plural_version = 'groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointGroupFacts(object): + module = cp_mgmt_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion.py new file mode 100644 index 00000000..188fd75b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion.py @@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group_with_exclusion + +OBJECT = { + "name": "Group with exclusion", + "include": "New Group 1", + "except": "New Group 2" +} + +CREATE_PAYLOAD = { + "name": "Group with exclusion", + "include": "New Group 1", + "except": "New Group 2" +} + +UPDATE_PAYLOAD = { + "name": "Group with exclusion", + "include": "New Group 2", + "except": "New Group 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Group with exclusion", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_group_with_exclusion.api_call' +api_call_object = 'group-with-exclusion' + + +class TestCheckpointGroupWithExclusion(object): + module = cp_mgmt_group_with_exclusion + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py new file mode 100644 index 00000000..e819625f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group_with_exclusion_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'group-with-exclusion' +api_call_object_plural_version = 'groups-with-exclusion' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointGroupWithExclusionFacts(object): + module = cp_mgmt_group_with_exclusion_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host.py new file mode 100644 index 00000000..abaa9e3b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host.py @@ -0,0 +1,113 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_host + +OBJECT = { + "name": "New Host 1", + "ip_address": "192.0.2.1" +} + +CREATE_PAYLOAD = { + "name": "New Host 1", + "ip_address": "192.0.2.1" +} + +UPDATE_PAYLOAD = { + "name": "New Host 1", + "color": "blue", + "ipv4_address": "192.0.2.2" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Host 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_host.api_call' +api_call_object = 'host' + + +class TestCheckpointHost(object): + module = cp_mgmt_host + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host_facts.py new file mode 100644 index 00000000..182aa81e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_host_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'host' +api_call_object_plural_version = 'hosts' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointHostFacts(object): + module = cp_mgmt_host_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_https_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_https_section.py new file mode 100644 index 00000000..3dc063a3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_https_section.py @@ -0,0 +1,114 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_https_section + +OBJECT = { + "layer": "Default Layer", + "position": 1, + "name": "New Section 1" +} + +CREATE_PAYLOAD = { + "layer": "Default Layer", + "position": 1, + "name": "New Section 1" +} + +UPDATE_PAYLOAD = { + "layer": "Default Layer", + "name": "New Section 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Section 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_https_section.api_call' +api_call_object = 'https-section' + + +class TestCheckpointHttpsSection(object): + module = cp_mgmt_https_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_policy.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_policy.py new file mode 100644 index 00000000..3086f5c9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_policy.py @@ -0,0 +1,76 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_install_policy + +PAYLOAD = { + "access": True, + "targets": [ + "corporate-gateway" + ], + "policy_package": "standard", + "threat_prevention": True, + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'install-policy' +failure_msg = '{command failed}' + + +class TestCheckpointInstallPolicy(object): + module = cp_mgmt_install_policy + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_software_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_software_package.py new file mode 100644 index 00000000..4442abbc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_software_package.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_install_software_package + +PAYLOAD = { + "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'install-software-package' +failure_msg = '{command failed}' + + +class TestCheckpointInstallSoftwarePackage(object): + module = cp_mgmt_install_software_package + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_mds_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_mds_facts.py new file mode 100644 index 00000000..938e4a49 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_mds_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_mds_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'mds' +api_call_object_plural_version = 'mdss' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointMdsFacts(object): + module = cp_mgmt_mds_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range.py new file mode 100644 index 00000000..8a68f901 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range.py @@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_multicast_address_range + +OBJECT = { + "name": "New Multicast Address Range", + "ip_address_first": "224.0.0.1", + "ip_address_last": "224.0.0.4" +} + +CREATE_PAYLOAD = { + "name": "New Multicast Address Range", + "ip_address_first": "224.0.0.1", + "ip_address_last": "224.0.0.4" +} + +UPDATE_PAYLOAD = { + "name": "New Multicast Address Range", + "ip_address_first": "224.0.0.7", + "ip_address_last": "224.0.0.10" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Multicast Address Range", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_multicast_address_range.api_call' +api_call_object = 'multicast-address-range' + + +class TestCheckpointMulticastAddressRange(object): + module = cp_mgmt_multicast_address_range + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py new file mode 100644 index 00000000..3de8fa06 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_multicast_address_range_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'multicast-address-range' +api_call_object_plural_version = 'multicast-address-ranges' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointMulticastAddressRangeFacts(object): + module = cp_mgmt_multicast_address_range_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_rule_facts.py new file mode 100644 index 00000000..eae9cf61 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_rule_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_nat_rule_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'nat-rule' +api_call_object_plural_version = 'nat-rulebase' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointNatRuleFacts(object): + module = cp_mgmt_nat_rule_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_section.py new file mode 100644 index 00000000..d666ca88 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_section.py @@ -0,0 +1,114 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_nat_section + +OBJECT = { + "package": "standard", + "name": "New Section 1", + "position": 1 +} + +CREATE_PAYLOAD = { + "package": "standard", + "name": "New Section 1", + "position": 1 +} + +UPDATE_PAYLOAD = { + "package": "standard", + "name": "New Section 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Section 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_nat_section.api_call' +api_call_object = 'nat-section' + + +class TestCheckpointNatSection(object): + module = cp_mgmt_nat_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network.py new file mode 100644 index 00000000..0935108f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network.py @@ -0,0 +1,116 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_network + +OBJECT = { + "name": "New Network 1", + "subnet": "192.0.2.0", + "subnet_mask": "255.255.255.0" +} + +CREATE_PAYLOAD = { + "name": "New Network 1", + "subnet": "192.0.2.0", + "subnet_mask": "255.255.255.0" +} + +UPDATE_PAYLOAD = { + "name": "New Network 1", + "color": "blue", + "subnet": "192.0.0.0", + "mask_length": 16 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Network 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_network.api_call' +api_call_object = 'network' + + +class TestCheckpointNetwork(object): + module = cp_mgmt_network + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network_facts.py new file mode 100644 index 00000000..1302dbba --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_network_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'network' +api_call_object_plural_version = 'networks' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointNetworkFacts(object): + module = cp_mgmt_network_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package.py new file mode 100644 index 00000000..dd389dad --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package.py @@ -0,0 +1,133 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_package + +OBJECT = { + "name": "New_Standard_Package_1", + "comments": "My Comments", + "color": "orange", + "access": True, + "threat_prevention": False +} + +CREATE_PAYLOAD = { + "name": "New_Standard_Package_1", + "comments": "My Comments", + "color": "orange", + "access": True, + "threat_prevention": False +} + +UPDATE_PAYLOAD = { + "name": "New_Standard_Package_1", + "access_layers": { + "add": [ + { + "name": "New Access Layer 1", + "position": 1 + } + ] + }, + "threat_layers": { + "add": [ + { + "name": "New Layer 1", + "position": 2 + } + ] + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_Standard_Package_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_package.api_call' +api_call_object = 'package' + + +class TestCheckpointPackage(object): + module = cp_mgmt_package + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package_facts.py new file mode 100644 index 00000000..fbb825b3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_package_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'package' +api_call_object_plural_version = 'packages' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointPackageFacts(object): + module = cp_mgmt_package_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_publish.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_publish.py new file mode 100644 index 00000000..bcce0851 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_publish.py @@ -0,0 +1,70 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_publish + +PAYLOAD = { + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'publish' +failure_msg = '{command failed}' + + +class TestCheckpointPublish(object): + module = cp_mgmt_publish + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_put_file.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_put_file.py new file mode 100644 index 00000000..7ad11efa --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_put_file.py @@ -0,0 +1,76 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_put_file + +PAYLOAD = { + "targets": [ + "corporate-gateway" + ], + "file_path": "/home/admin/", + "file_name": "vsx_conf", + "file_content": "vs ip 192.0.2.1\nvs2 ip 192.0.2.2", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'put-file' +failure_msg = '{command failed}' + + +class TestCheckpointPutFile(object): + module = cp_mgmt_put_file + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_ips_update.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_ips_update.py new file mode 100644 index 00000000..7202790a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_ips_update.py @@ -0,0 +1,70 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_run_ips_update + +PAYLOAD = { + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'run-ips-update' +failure_msg = '{command failed}' + + +class TestCheckpointRunIpsUpdate(object): + module = cp_mgmt_run_ips_update + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_script.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_script.py new file mode 100644 index 00000000..730b5bff --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_script.py @@ -0,0 +1,75 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_run_script + +PAYLOAD = { + "script": "ls -l /", + "targets": [ + "corporate-gateway" + ], + "script_name": "Script Example: List files under / dir", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'run-script' +failure_msg = '{command failed}' + + +class TestCheckpointRunScript(object): + module = cp_mgmt_run_script + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone.py new file mode 100644 index 00000000..13ef758b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone.py @@ -0,0 +1,113 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_security_zone + +OBJECT = { + "name": "SZone1", + "comments": "My Security Zone 1", + "color": "yellow" +} + +CREATE_PAYLOAD = { + "name": "SZone1", + "comments": "My Security Zone 1", + "color": "yellow" +} + +UPDATE_PAYLOAD = { + "name": "SZone1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "SZone1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_security_zone.api_call' +api_call_object = 'security-zone' + + +class TestCheckpointSecurityZone(object): + module = cp_mgmt_security_zone + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone_facts.py new file mode 100644 index 00000000..3fa95f4d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_security_zone_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'security-zone' +api_call_object_plural_version = 'security-zones' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointSecurityZoneFacts(object): + module = cp_mgmt_security_zone_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc.py new file mode 100644 index 00000000..d8fd216a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc.py @@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_dce_rpc + +OBJECT = { + "name": "New_DCE-RPC_Service_1", + "interface_uuid": "97aeb460-9aea-11d5-bd16-0090272ccb30", + "keep_connections_open_after_policy_installation": False +} + +CREATE_PAYLOAD = { + "name": "New_DCE-RPC_Service_1", + "interface_uuid": "97aeb460-9aea-11d5-bd16-0090272ccb30", + "keep_connections_open_after_policy_installation": False +} + +UPDATE_PAYLOAD = { + "name": "New_DCE-RPC_Service_1", + "color": "blue", + "interface_uuid": "44aeb460-9aea-11d5-bd16-009027266b30" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_DCE-RPC_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_dce_rpc.api_call' +api_call_object = 'service-dce-rpc' + + +class TestCheckpointServiceDceRpc(object): + module = cp_mgmt_service_dce_rpc + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py new file mode 100644 index 00000000..f06c615a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_dce_rpc_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-dce-rpc' +api_call_object_plural_version = 'services-dce-rpc' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceDceRpcFacts(object): + module = cp_mgmt_service_dce_rpc_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group.py new file mode 100644 index 00000000..f325f873 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group.py @@ -0,0 +1,121 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_group + +OBJECT = { + "name": "New Service Group 1", + "members": [ + "https", + "bootp", + "nisplus", + "HP-OpCdistm" + ] +} + +CREATE_PAYLOAD = { + "name": "New Service Group 1", + "members": [ + "https", + "bootp", + "nisplus", + "HP-OpCdistm" + ] +} + +UPDATE_PAYLOAD = { + "name": "New Service Group 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Service Group 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_group.api_call' +api_call_object = 'service-group' + + +class TestCheckpointServiceGroup(object): + module = cp_mgmt_service_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group_facts.py new file mode 100644 index 00000000..2457157c --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-group' +api_call_object_plural_version = 'service-groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceGroupFacts(object): + module = cp_mgmt_service_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp.py new file mode 100644 index 00000000..173dfec1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp.py @@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp + +OBJECT = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +CREATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +UPDATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 45, + "icmp_code": 13 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Icmp1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_icmp.api_call' +api_call_object = 'service-icmp' + + +class TestCheckpointServiceIcmp(object): + module = cp_mgmt_service_icmp + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6.py new file mode 100644 index 00000000..2194bed2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6.py @@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp6 + +OBJECT = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +CREATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +UPDATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 45, + "icmp_code": 13 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Icmp1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_icmp6.api_call' +api_call_object = 'service-icmp6' + + +class TestCheckpointServiceIcmp6(object): + module = cp_mgmt_service_icmp6 + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6_facts.py new file mode 100644 index 00000000..7ac4fd7a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp6_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-icmp6' +api_call_object_plural_version = 'services-icmp6' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceIcmp6Facts(object): + module = cp_mgmt_service_icmp6_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp_facts.py new file mode 100644 index 00000000..c5979e7f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-icmp' +api_call_object_plural_version = 'services-icmp' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceIcmpFacts(object): + module = cp_mgmt_service_icmp_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other.py new file mode 100644 index 00000000..993481cc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other.py @@ -0,0 +1,133 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_other + +OBJECT = { + "name": "New_Service_1", + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "ip_protocol": 51, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +CREATE_PAYLOAD = { + "name": "New_Service_1", + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "ip_protocol": 51, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +UPDATE_PAYLOAD = { + "name": "New_Service_1", + "color": "blue", + "aggressive_aging": { + "default_timeout": 3600 + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_other.api_call' +api_call_object = 'service-other' + + +class TestCheckpointServiceOther(object): + module = cp_mgmt_service_other + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other_facts.py new file mode 100644 index 00000000..ea8af4e1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_other_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-other' +api_call_object_plural_version = 'services-other' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceOtherFacts(object): + module = cp_mgmt_service_other_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc.py new file mode 100644 index 00000000..da12b433 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc.py @@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_rpc + +OBJECT = { + "name": "New_RPC_Service_1", + "program_number": 5669, + "keep_connections_open_after_policy_installation": False +} + +CREATE_PAYLOAD = { + "name": "New_RPC_Service_1", + "program_number": 5669, + "keep_connections_open_after_policy_installation": False +} + +UPDATE_PAYLOAD = { + "name": "New_RPC_Service_1", + "color": "blue", + "program_number": 5656 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_RPC_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_rpc.api_call' +api_call_object = 'service-rpc' + + +class TestCheckpointServiceRpc(object): + module = cp_mgmt_service_rpc + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc_facts.py new file mode 100644 index 00000000..88aa379e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_rpc_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-rpc' +api_call_object_plural_version = 'services-rpc' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceRpcFacts(object): + module = cp_mgmt_service_rpc_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp.py new file mode 100644 index 00000000..70296bc4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp.py @@ -0,0 +1,134 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_sctp + +OBJECT = { + "name": "New_SCTP_Service_1", + "port": 5669, + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +CREATE_PAYLOAD = { + "name": "New_SCTP_Service_1", + "port": 5669, + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +UPDATE_PAYLOAD = { + "name": "New_SCTP_Service_1", + "color": "blue", + "port": 5656, + "aggressive_aging": { + "default_timeout": 3600 + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_SCTP_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_sctp.api_call' +api_call_object = 'service-sctp' + + +class TestCheckpointServiceSctp(object): + module = cp_mgmt_service_sctp + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp_facts.py new file mode 100644 index 00000000..fe05693d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_sctp_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-sctp' +api_call_object_plural_version = 'services-sctp' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceSctpFacts(object): + module = cp_mgmt_service_sctp_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp.py new file mode 100644 index 00000000..347606f0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp.py @@ -0,0 +1,134 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_tcp + +OBJECT = { + "name": "New_TCP_Service_1", + "port": 5669, + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +CREATE_PAYLOAD = { + "name": "New_TCP_Service_1", + "port": 5669, + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +UPDATE_PAYLOAD = { + "name": "New_TCP_Service_1", + "color": "blue", + "port": 5656, + "aggressive_aging": { + "default_timeout": 3600 + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_TCP_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_tcp.api_call' +api_call_object = 'service-tcp' + + +class TestCheckpointServiceTcp(object): + module = cp_mgmt_service_tcp + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp_facts.py new file mode 100644 index 00000000..25c087db --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_tcp_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-tcp' +api_call_object_plural_version = 'services-tcp' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceTcpFacts(object): + module = cp_mgmt_service_tcp_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp.py new file mode 100644 index 00000000..c8c80340 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp.py @@ -0,0 +1,137 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_udp + +OBJECT = { + "name": "New_UDP_Service_1", + "port": 5669, + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + }, + "accept_replies": False +} + +CREATE_PAYLOAD = { + "name": "New_UDP_Service_1", + "port": 5669, + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + }, + "accept_replies": False +} + +UPDATE_PAYLOAD = { + "name": "New_UDP_Service_1", + "color": "blue", + "port": 5656, + "aggressive_aging": { + "default_timeout": 3600 + }, + "accept_replies": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_UDP_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_udp.api_call' +api_call_object = 'service-udp' + + +class TestCheckpointServiceUdp(object): + module = cp_mgmt_service_udp + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp_facts.py new file mode 100644 index 00000000..f213be30 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_udp_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-udp' +api_call_object_plural_version = 'services-udp' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceUdpFacts(object): + module = cp_mgmt_service_udp_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_session_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_session_facts.py new file mode 100644 index 00000000..88485836 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_session_facts.py @@ -0,0 +1,80 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_session_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = {} + +api_call_object = 'session' +api_call_object_plural_version = 'sessions' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointSessionFacts(object): + module = cp_mgmt_session_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_nat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_nat_rule.py new file mode 100644 index 00000000..9defa2bc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_nat_rule.py @@ -0,0 +1,75 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_set_nat_rule + +PAYLOAD = { + "package": "standard", + "enabled": False, + "comments": "rule for RND members RNDNetwork-> RND to Internal Network", + "original_service": "ssh_version_2", + "original_source": "Any", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'set-nat-rule' +failure_msg = '{command failed}' + + +class TestCheckpointSetNatRule(object): + module = cp_mgmt_set_nat_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_access_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_access_section.py new file mode 100644 index 00000000..78af3cde --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_access_section.py @@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_access_section + +PAYLOAD = { + "layer": "Network", + "name": "New Section 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-access-section' +failure_msg = '{command failed}' + + +class TestCheckpointShowAccessSection(object): + module = cp_mgmt_show_access_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_https_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_https_section.py new file mode 100644 index 00000000..91080ea5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_https_section.py @@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_https_section + +PAYLOAD = { + "layer": "Default Layer", + "name": "New Section 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-https-section' +failure_msg = '{command failed}' + + +class TestCheckpointShowHttpsSection(object): + module = cp_mgmt_show_https_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_nat_section.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_nat_section.py new file mode 100644 index 00000000..41b0d22a --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_nat_section.py @@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_nat_section + +PAYLOAD = { + "package": "standard", + "name": "New Section 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-nat-section' +failure_msg = '{command failed}' + + +class TestCheckpointShowNatSection(object): + module = cp_mgmt_show_nat_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_software_package_details.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_software_package_details.py new file mode 100644 index 00000000..71f58187 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_software_package_details.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_software_package_details + +PAYLOAD = { + "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-software-package-details' +failure_msg = '{command failed}' + + +class TestCheckpointShowSoftwarePackageDetails(object): + module = cp_mgmt_show_software_package_details + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway.py new file mode 100644 index 00000000..7dce34d8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway.py @@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_simple_gateway + +OBJECT = { + "name": "gw1", + "ip_address": "192.0.2.1" +} + +CREATE_PAYLOAD = { + "name": "gw1", + "ip_address": "192.0.2.1" +} + +UPDATE_PAYLOAD = { + "name": "gw1", + "ips": True, + "application_control": True, + "url_filtering": True, + "anti_bot": True, + "anti_virus": True, + "threat_emulation": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "gw1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_simple_gateway.api_call' +api_call_object = 'simple-gateway' + + +class TestCheckpointSimpleGateway(object): + module = cp_mgmt_simple_gateway + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway_facts.py new file mode 100644 index 00000000..f89d476d --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_simple_gateway_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'simple-gateway' +api_call_object_plural_version = 'simple-gateways' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointSimpleGatewayFacts(object): + module = cp_mgmt_simple_gateway_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag.py new file mode 100644 index 00000000..5f2e7c0e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag.py @@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_tag + +OBJECT = { + "name": "My New Tag1", + "tags": [ + "tag1", + "tag2" + ] +} + +CREATE_PAYLOAD = { + "name": "My New Tag1", + "tags": [ + "tag1", + "tag2" + ] +} + +UPDATE_PAYLOAD = { + "name": "My New Tag1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "My New Tag1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_tag.api_call' +api_call_object = 'tag' + + +class TestCheckpointTag(object): + module = cp_mgmt_tag + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag_facts.py new file mode 100644 index 00000000..cb41722b --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_tag_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'tag' +api_call_object_plural_version = 'tags' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointTagFacts(object): + module = cp_mgmt_tag_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception.py new file mode 100644 index 00000000..d9f4e183 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception.py @@ -0,0 +1,119 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_exception + +OBJECT = { + "layer": "New Layer 1", + "name": "Exception Rule", + "track": "Log", + "rule_name": "First rule", + "protected_scope": "All_Internet" +} + +CREATE_PAYLOAD = { + "layer": "New Layer 1", + "name": "Exception Rule", + "track": "Log", + "rule_name": "First rule", + "protected_scope": "All_Internet" +} + +UPDATE_PAYLOAD = { + "name": "Exception Rule", + "layer": "New Layer 1", + "rule_name": "First rule", +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Exception Rule", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_exception.api_call' +api_call_object = 'threat-exception' + + +class TestCheckpointThreatException(object): + module = cp_mgmt_threat_exception + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception_facts.py new file mode 100644 index 00000000..dd4881d0 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_exception_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'threat-exception' +api_call_object_plural_version = 'threat-rule-exception-rulebase' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointThreatExceptionFacts(object): + module = cp_mgmt_threat_exception_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator.py new file mode 100644 index 00000000..e004acc5 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator.py @@ -0,0 +1,145 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_indicator + +OBJECT = { + "name": "My_Indicator", + "observables": [ + { + "name": "My_Observable", + "mail-to": "someone@somewhere.com", + "confidence": "medium", + "severity": "low", + "product": "AV" + } + ], + "action": "Inactive", + "profile_overrides": [ + { + "profile": "My_Profile", + "action": "detect" + } + ], + "ignore_warnings": True +} + +CREATE_PAYLOAD = { + "name": "My_Indicator", + "observables": [ + { + "name": "My_Observable", + "mail-to": "someone@somewhere.com", + "confidence": "medium", + "severity": "low", + "product": "AV" + } + ], + "action": "Inactive", + "profile_overrides": [ + { + "profile": "My_Profile", + "action": "detect" + } + ], + "ignore_warnings": True +} + +UPDATE_PAYLOAD = { + "name": "My_Indicator", + "action": "Inactive", + "ignore_warnings": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "My_Indicator", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_indicator.api_call' +api_call_object = 'threat-indicator' + + +class TestCheckpointThreatIndicator(object): + module = cp_mgmt_threat_indicator + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator_facts.py new file mode 100644 index 00000000..12ec3d5c --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_indicator_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'threat-indicator' +api_call_object_plural_version = 'threat-indicators' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointThreatIndicatorFacts(object): + module = cp_mgmt_threat_indicator_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer.py new file mode 100644 index 00000000..c10c2584 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer.py @@ -0,0 +1,109 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_layer + +OBJECT = { + "name": "New Layer 1" +} + +CREATE_PAYLOAD = { + "name": "New Layer 1" +} + +UPDATE_PAYLOAD = { + "name": "New Layer 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Layer 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_layer.api_call' +api_call_object = 'threat-layer' + + +class TestCheckpointThreatLayer(object): + module = cp_mgmt_threat_layer + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer_facts.py new file mode 100644 index 00000000..25892596 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_layer_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'threat-layer' +api_call_object_plural_version = 'threat-layers' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointThreatLayerFacts(object): + module = cp_mgmt_threat_layer_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile.py new file mode 100644 index 00000000..b786d052 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile.py @@ -0,0 +1,150 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_profile + +OBJECT = { + "name": "New Profile 1", + "ips": True, + "active_protections_performance_impact": "low", + "active_protections_severity": "Critical", + "confidence_level_medium": "Inactive", + "confidence_level_high": "Inactive", + "threat_emulation": True, + "anti_virus": True, + "anti_bot": True, + "ips_settings": { + "newly_updated_protections": "staging", + "exclude_protection_with_performance_impact": True, + "exclude_protection_with_performance_impact_mode": "high or lower" + } +} + +CREATE_PAYLOAD = { + "name": "New Profile 1", + "ips": True, + "active_protections_performance_impact": "low", + "active_protections_severity": "Critical", + "confidence_level_medium": "Inactive", + "confidence_level_high": "Inactive", + "threat_emulation": True, + "anti_virus": True, + "anti_bot": True, + "ips_settings": { + "newly_updated_protections": "staging", + "exclude_protection_with_performance_impact": True, + "exclude_protection_with_performance_impact_mode": "high or lower" + } +} + +UPDATE_PAYLOAD = { + "name": "New Profile 1", + "comments": "update recommended profile", + "ips": False, + "active_protections_performance_impact": "low", + "active_protections_severity": "Critical", + "confidence_level_low": "Inactive", + "confidence_level_medium": "Inactive", + "confidence_level_high": "Inactive", + "threat_emulation": True, + "anti_virus": False, + "anti_bot": True, + "ips_settings": { + "newly_updated_protections": "active", + "exclude_protection_with_performance_impact": True, + "exclude_protection_with_performance_impact_mode": "high or lower" + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Profile 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_profile.api_call' +api_call_object = 'threat-profile' + + +class TestCheckpointThreatProfile(object): + module = cp_mgmt_threat_profile + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile_facts.py new file mode 100644 index 00000000..7ab8f8e3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_profile_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'threat-profile' +api_call_object_plural_version = 'threat-profiles' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointThreatProfileFacts(object): + module = cp_mgmt_threat_profile_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_protection_override.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_protection_override.py new file mode 100644 index 00000000..43572141 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_protection_override.py @@ -0,0 +1,79 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_protection_override + +PAYLOAD = { + "name": "FTP Commands", + "overrides": [ + { + "profile": "New Profile 1", + "action": "inactive", + "track": "None", + "capture-packets": True + } + ], + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'set-threat-protection' +failure_msg = '{command failed}' + + +class TestCheckpointThreatProtectionOverride(object): + module = cp_mgmt_threat_protection_override + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule.py new file mode 100644 index 00000000..b300b024 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule.py @@ -0,0 +1,124 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_rule + +OBJECT = { + "layer": "New Layer 1", + "name": "First threat rule", + "comments": "", + "track": "None", + "protected_scope": "All_Internet", + "install_on": "Policy Targets" +} + +CREATE_PAYLOAD = { + "layer": "New Layer 1", + "name": "First threat rule", + "comments": "", + "track": "None", + "protected_scope": "All_Internet", + "install_on": "Policy Targets" +} + +UPDATE_PAYLOAD = { + "layer": "New Layer 1", + "comments": "commnet for the first rule", + "action": "New Profile 1", + "name": "First threat rule", + "protected_scope": "All_Internet", + "install_on": "Policy Targets" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "First threat rule", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_rule.api_call' +api_call_object = 'threat-rule' + + +class TestCheckpointThreatRule(object): + module = cp_mgmt_threat_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule_facts.py new file mode 100644 index 00000000..13491cbe --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_rule_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'threat-rule' +api_call_object_plural_version = 'threat-rulebase' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointThreatRuleFacts(object): + module = cp_mgmt_threat_rule_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time.py new file mode 100644 index 00000000..c1f336d9 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time.py @@ -0,0 +1,184 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_time + +OBJECT = { + "name": "timeObject1", + "end": { + "date": "24-Nov-2014", + "time": "21:22" + }, + "recurrence": { + "pattern": "Daily", + "month": "Any", + "weekdays": [ + "Sun", + "Mon" + ], + "days": [ + "1" + ] + }, + "start_now": True, + "end_never": False, + "hours_ranges": [ + { + "from": "00:00", + "to": "00:00", + "enabled": True, + "index": 1 + }, + { + "from": "00:00", + "to": "00:00", + "enabled": False, + "index": 2 + } + ] +} + +CREATE_PAYLOAD = { + "name": "timeObject1", + "end": { + "date": "24-Nov-2014", + "time": "21:22" + }, + "recurrence": { + "pattern": "Daily", + "month": "Any", + "weekdays": [ + "Sun", + "Mon" + ], + "days": [ + "1" + ] + }, + "start_now": True, + "end_never": False, + "hours_ranges": [ + { + "from": "00:00", + "to": "00:00", + "enabled": True, + "index": 1 + }, + { + "from": "00:00", + "to": "00:00", + "enabled": False, + "index": 2 + } + ] +} + +UPDATE_PAYLOAD = { + "name": "timeObject1", + "recurrence": { + "pattern": "Weekly", + "weekdays": [ + "Fri" + ], + "month": "Any" + }, + "hours_ranges": [ + { + "from": "00:22", + "to": "00:33" + } + ] +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "timeObject1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_time.api_call' +api_call_object = 'time' + + +class TestCheckpointTime(object): + module = cp_mgmt_time + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time_facts.py new file mode 100644 index 00000000..c44c962e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_time_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'time' +api_call_object_plural_version = 'times' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointTimeFacts(object): + module = cp_mgmt_time_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_uninstall_software_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_uninstall_software_package.py new file mode 100644 index 00000000..09bb5c37 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_uninstall_software_package.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_uninstall_software_package + +PAYLOAD = { + "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'uninstall-software-package' +failure_msg = '{command failed}' + + +class TestCheckpointUninstallSoftwarePackage(object): + module = cp_mgmt_uninstall_software_package + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_policy.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_policy.py new file mode 100644 index 00000000..bd708bff --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_policy.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_verify_policy + +PAYLOAD = { + "policy_package": "standard", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'verify-policy' +failure_msg = '{command failed}' + + +class TestCheckpointVerifyPolicy(object): + module = cp_mgmt_verify_policy + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_software_package.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_software_package.py new file mode 100644 index 00000000..8a89e42f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_software_package.py @@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_verify_software_package + +PAYLOAD = { + "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'verify-software-package' +failure_msg = '{command failed}' + + +class TestCheckpointVerifySoftwarePackage(object): + module = cp_mgmt_verify_software_package + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed.py new file mode 100644 index 00000000..82ce2929 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed.py @@ -0,0 +1,142 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_meshed + +OBJECT = { + "name": "New_VPN_Community_Meshed_1", + "encryption_method": "prefer ikev2 but support ikev1", + "encryption_suite": "custom", + "ike_phase_1": { + "data_integrity": "sha1", + "encryption_algorithm": "aes-128", + "diffie_hellman_group": "group-1" + }, + "ike_phase_2": { + "data_integrity": "aes-xcbc", + "encryption_algorithm": "aes-gcm-128" + } +} + +CREATE_PAYLOAD = { + "name": "New_VPN_Community_Meshed_1", + "encryption_method": "prefer ikev2 but support ikev1", + "encryption_suite": "custom", + "ike_phase_1": { + "data_integrity": "sha1", + "encryption_algorithm": "aes-128", + "diffie_hellman_group": "group-1" + }, + "ike_phase_2": { + "data_integrity": "aes-xcbc", + "encryption_algorithm": "aes-gcm-128" + } +} + +UPDATE_PAYLOAD = { + "name": "New_VPN_Community_Meshed_1", + "encryption_method": "ikev2 only", + "encryption_suite": "custom", + "ike_phase_1": { + "data_integrity": "sha1", + "encryption_algorithm": "aes-128", + "diffie_hellman_group": "group-1" + }, + "ike_phase_2": { + "data_integrity": "aes-xcbc", + "encryption_algorithm": "aes-gcm-128" + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_VPN_Community_Meshed_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_vpn_community_meshed.api_call' +api_call_object = 'vpn-community-meshed' + + +class TestCheckpointVpnCommunityMeshed(object): + module = cp_mgmt_vpn_community_meshed + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py new file mode 100644 index 00000000..2b0b8404 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_meshed_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'vpn-community-meshed' +api_call_object_plural_version = 'vpn-communities-meshed' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointVpnCommunityMeshedFacts(object): + module = cp_mgmt_vpn_community_meshed_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star.py new file mode 100644 index 00000000..5bea660f --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star.py @@ -0,0 +1,148 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_star + +OBJECT = { + "name": "New_VPN_Community_Star_1", + "center_gateways": [ + "Second_Security_Gateway" + ], + "encryption_method": "prefer ikev2 but support ikev1", + "encryption_suite": "custom", + "ike_phase_1": { + "data_integrity": "sha1", + "encryption_algorithm": "aes-128", + "diffie_hellman_group": "group-1" + }, + "ike_phase_2": { + "data_integrity": "aes-xcbc", + "encryption_algorithm": "aes-gcm-128" + } +} + +CREATE_PAYLOAD = { + "name": "New_VPN_Community_Star_1", + "center_gateways": [ + "Second_Security_Gateway" + ], + "encryption_method": "prefer ikev2 but support ikev1", + "encryption_suite": "custom", + "ike_phase_1": { + "data_integrity": "sha1", + "encryption_algorithm": "aes-128", + "diffie_hellman_group": "group-1" + }, + "ike_phase_2": { + "data_integrity": "aes-xcbc", + "encryption_algorithm": "aes-gcm-128" + } +} + +UPDATE_PAYLOAD = { + "name": "New_VPN_Community_Star_1", + "encryption_method": "ikev2 only", + "encryption_suite": "custom", + "ike_phase_1": { + "data_integrity": "sha1", + "encryption_algorithm": "aes-128", + "diffie_hellman_group": "group-1" + }, + "ike_phase_2": { + "data_integrity": "aes-xcbc", + "encryption_algorithm": "aes-gcm-128" + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_VPN_Community_Star_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_vpn_community_star.api_call' +api_call_object = 'vpn-community-star' + + +class TestCheckpointVpnCommunityStar(object): + module = cp_mgmt_vpn_community_star + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py new file mode 100644 index 00000000..34a2d1dc --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_star_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'vpn-community-star' +api_call_object_plural_version = 'vpn-communities-star' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointVpnCommunityStarFacts(object): + module = cp_mgmt_vpn_community_star_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard.py new file mode 100644 index 00000000..c0a5090e --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard.py @@ -0,0 +1,116 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_wildcard + +OBJECT = { + "name": "New Wildcard 1", + "ipv4_address": "192.168.2.1", + "ipv4_mask_wildcard": "0.0.0.128" +} + +CREATE_PAYLOAD = { + "name": "New Wildcard 1", + "ipv4_address": "192.168.2.1", + "ipv4_mask_wildcard": "0.0.0.128" +} + +UPDATE_PAYLOAD = { + "name": "New Wildcard 1", + "color": "blue", + "ipv6_address": "2001:db8::1111", + "ipv6_mask_wildcard": "ffff:ffff::f0f0" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Wildcard 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_wildcard.api_call' +api_call_object = 'wildcard' + + +class TestCheckpointWildcard(object): + module = cp_mgmt_wildcard + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard_facts.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard_facts.py new file mode 100644 index 00000000..a16c3fe8 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard_facts.py @@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_wildcard_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'wildcard' +api_call_object_plural_version = 'wildcards' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointWildcardFacts(object): + module = cp_mgmt_wildcard_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/plugins/httpapi/test_checkpoint.py b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/plugins/httpapi/test_checkpoint.py new file mode 100644 index 00000000..df891e27 --- /dev/null +++ b/collections-debian-merged/ansible_collections/check_point/mgmt/tests/units/plugins/httpapi/test_checkpoint.py @@ -0,0 +1,86 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import json + +from ansible.module_utils.six.moves.urllib.error import HTTPError +from units.compat import mock +from units.compat import unittest + +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.connection import ConnectionError +from ansible.module_utils.six import BytesIO, StringIO +from ansible_collections.check_point.mgmt.plugins.httpapi.checkpoint import HttpApi + +EXPECTED_BASE_HEADERS = { + 'Content-Type': 'application/json' +} + + +class FakeCheckpointHttpApiPlugin(HttpApi): + def __init__(self, conn): + super(FakeCheckpointHttpApiPlugin, self).__init__(conn) + self.hostvars = { + 'domain': None + } + + def get_option(self, var): + return self.hostvars[var] + + def set_option(self, var, val): + self.hostvars[var] = val + + +class TestCheckpointHttpApi(unittest.TestCase): + + def setUp(self): + self.connection_mock = mock.Mock() + self.checkpoint_plugin = FakeCheckpointHttpApiPlugin(self.connection_mock) + self.checkpoint_plugin._load_name = 'httpapi' + + def test_login_raises_exception_when_username_and_password_are_not_provided(self): + with self.assertRaises(AnsibleConnectionFailure) as res: + self.checkpoint_plugin.login(None, None) + assert 'Username and password are required' in str(res.exception) + + def test_login_raises_exception_when_invalid_response(self): + self.connection_mock.send.return_value = self._connection_response( + {'NOSIDKEY': 'NOSIDVALUE'} + ) + + with self.assertRaises(ConnectionError) as res: + self.checkpoint_plugin.login('foo', 'bar') + + assert 'Server returned response without token info during connection authentication' in str(res.exception) + + def test_send_request_should_return_error_info_when_http_error_raises(self): + self.connection_mock.send.side_effect = HTTPError('http://testhost.com', 500, '', {}, + StringIO('{"errorMessage": "ERROR"}')) + + resp = self.checkpoint_plugin.send_request('/test', None) + + assert resp == (500, {'errorMessage': 'ERROR'}) + + def test_login_to_global_domain(self): + temp_domain = self.checkpoint_plugin.hostvars['domain'] + self.checkpoint_plugin.hostvars['domain'] = 'test_domain' + self.connection_mock.send.return_value = self._connection_response( + {'sid': 'SID', 'uid': 'UID'} + ) + + self.checkpoint_plugin.login('USERNAME', 'PASSWORD') + + self.connection_mock.send.assert_called_once_with('/web_api/login', mock.ANY, headers=mock.ANY, + method=mock.ANY) + self.checkpoint_plugin.hostvars['domain'] = temp_domain + + @staticmethod + def _connection_response(response, status=200): + response_mock = mock.Mock() + response_mock.getcode.return_value = status + response_text = json.dumps(response) if type(response) is dict else response + response_data = BytesIO(response_text.encode() if response_text else ''.encode()) + return response_mock, response_data |